From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-prs-return-33243-listarch-gcc-prs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 9668 invoked by alias); 17 Apr 2003 20:06:00 -0000
Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive: <http://gcc.gnu.org/ml/gcc-prs/>
List-Post: <mailto:gcc-prs@gcc.gnu.org>
List-Help: <mailto:gcc-prs-help@gcc.gnu.org>
Sender: gcc-prs-owner@gcc.gnu.org
Received: (qmail 9647 invoked by uid 71); 17 Apr 2003 20:06:00 -0000
Resent-Date: 17 Apr 2003 20:06:00 -0000
Resent-Message-ID: <20030417200600.9645.qmail@sources.redhat.com>
Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer)
Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org,
  Toni Timonen <ttimonen@users.sourceforge.net>
Resent-Reply-To: gcc-gnats@gcc.gnu.org, 188527@bugs.debian.org
Received: (qmail 5858 invoked from network); 17 Apr 2003 19:59:53 -0000
Received: from unknown (HELO hirsch.in-berlin.de) (192.109.42.6)
  by sources.redhat.com with SMTP; 17 Apr 2003 19:59:53 -0000
Received: from tango.net.local (mail@dsl-213-023-142-148.arcor-ip.net [213.23.142.148])
	(authenticated bits=0)
	by hirsch.in-berlin.de (8.12.9/8.12.9/Debian-1) with ESMTP id h3HJxptl006714
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT);
	Thu, 17 Apr 2003 21:59:51 +0200
Received: from doko by tango.net.local with local (Exim 4.12 #1 (Debian) [+araqnid])
	id 196FXy-0000KI-00; Thu, 17 Apr 2003 21:59:50 +0200
Message-Id: <E196FXy-0000KI-00@tango.net.local>
Date: Thu, 17 Apr 2003 20:06:00 -0000
From: Matthias Klose <doko@net.local>
Reply-To: 188527@bugs.debian.org
To: gcc-gnats@gcc.gnu.org, debian-gcc@lists.debian.org
X-Send-Pr-Version: 3.113
X-GNATS-Notify: Toni Timonen <ttimonen@users.sourceforge.net>
Subject: c++/10427: [3.0/3.2/3.3/3.4 regression] Stack corruption with variable-length automatic arrays and virtual destructors
X-SW-Source: 2003-04/txt/msg00813.txt.bz2
List-Id: <gcc-prs.sourceware.org>


>Number:         10427
>Category:       c++
>Synopsis:       [3.0/3.2/3.3/3.4 regression] Stack corruption with variable-length automatic arrays and virtual destructors
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 17 20:06:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Toni Timonen <ttimonen@users.sourceforge.net>
>Release:        
>Organization:
The Debian Project
>Environment:
>Description:
[ Reported to the Debian BTS as report #188527.
  Please CC 188527@bugs.debian.org on replies.
  Log of report can be found at http://bugs.debian.org/188527 ]
	

Regression from 2.95, rechecked with 3.0.4, 3.2 20030415, 3.3
20030415, HEAD 20030329.

the following program compiles (compiled as "g++ stackcorrupt.cpp"), 
but crashes when run. It seems that the stack gets corrupted with that
variable-length array when A class with a virtual function is used
and the length assigning variable(foo) is being changed.

stackcorrupt.cpp:
--snip--
class A {
  public:
  virtual ~A() {}
};

int main(void) {
  int foo=1;
  A bar[foo];
  foo++;
  return 0;
}
--snip-- 

The same problem can also be reproduced by using the compiler from the 
gcc-snapshot (20030314-1) or with the g++-3.0 (3.0.4-13). The g++-2.95
(2.95.4-17) does not have the same problem.

>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: