Bug 1564790 - Memory errors in dtors called after exception is thrown
Summary: Memory errors in dtors called after exception is thrown
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gcc
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-07 21:54 UTC by Petr Machata
Modified: 2018-08-10 14:15 UTC (History)
CC: 11 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-10 14:15:52 UTC
Type: Bug




Links
System                   | ID    | Private | Priority | Status | Summary | Last Updated
GNU Compiler Collection  | 85393 | 0       | None     | None   | None    | 2018-04-13 11:38:39 UTC

Description Petr Machata 2018-04-07 21:54:10 UTC
Description of problem:
A test suite of my package fails mysteriously in today's rawhide mock. I minimized the problem into the following two snippets:

--- y.cc ---
#include <stdexcept>
#include <vector>

void foo (char const *);

struct k {
  ~k () noexcept (false) {
    throw std::runtime_error ("foo");
  }
};

int
main(int argc, char *argv[])
{
  std::vector <std::vector <char>> args;
  try
    {
      {
        k k;
        foo ("A");
      }

      if (argv)
        throw std::runtime_error ("foo");
      args.push_back ({});
    }
  catch (std::runtime_error const& e)
    {}
}

--- x.cc ---
void foo (char const *str) {}

Steps to reproduce:
1. g++ -g -std=c++11 -O2 -g y.cc x.cc
2. valgrind ./a.out

Version-Release number of selected component (if applicable):
gcc-8.0.1-0.20.fc29.x86_64

Actual results:
==12683== Command: ./a.out
==12683== 
==12683== Invalid read of size 8
==12683==    at 0x400B84: std::vector<std::vector<char, std::allocator<char> >, std::allocator<std::vector<char, std::allocator<char> > > >::~vector() (stl_vector.h:567)
==12683==    by 0x4009BE: main (y.cc:15)
==12683==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==12683== 
==12683== 
==12683== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==12683==  Access not within mapped region at address 0x8
==12683==    at 0x400B84: std::vector<std::vector<char, std::allocator<char> >, std::allocator<std::vector<char, std::allocator<char> > > >::~vector() (stl_vector.h:567)
==12683==    by 0x4009BE: main (y.cc:15)

Expected results:
An expensive NOP.

Additional info:
The SIGSEGV backtrace as per gdb:
#0  0x0000000000400b84 in std::vector<std::vector<char, std::allocator<char> >, std::allocator<std::vector<char, std::allocator<char> > > >::~vector (this=0x0, __in_chrg=<optimized out>)
    at /usr/include/c++/8/bits/stl_vector.h:565
#1  0x00000000004009bf in main () at /usr/include/c++/8/bits/stl_vector.h:300
#2  0x00007ffff71041eb in __libc_start_main () from /lib64/libc.so.6
#3  0x0000000000400a6a in _start () at y.cc:24
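An added example (not the reporter's code and not part of GCC) showing the semantics the report relies on: a noexcept(false) destructor that throws while no other exception is active is caught by the enclosing try and the vector declared outside the try is destroyed normally, which is the "expensive NOP" expected above. It also shows the guard a practitioner would add, std::uncaught_exceptions() (C++17), so the destructor never throws during unwinding of another exception, where it would call std::terminate(). The names throwing_guard and the two functions are assumptions.

```cpp
#include <exception>
#include <stdexcept>
#include <vector>

// Like struct k in the report, the destructor is noexcept(false) and throws,
// but it first checks std::uncaught_exceptions() (C++17): throwing while another
// exception is already unwinding the stack would call std::terminate().
struct throwing_guard {
    bool *suppressed;                       // set when the destructor declined to throw
    explicit throwing_guard(bool *flag) : suppressed(flag) {}
    ~throwing_guard() noexcept(false) {
        if (std::uncaught_exceptions() > 0) {
            *suppressed = true;             // another exception is in flight: stay quiet
            return;
        }
        throw std::runtime_error("thrown from destructor");
    }
};

// Case 1 (the report's scenario): the destructor throws in normal control flow,
// the enclosing try catches it, and the vector declared outside the try is destroyed
// at function exit. Returns the element count (expected 0: push_back is never reached).
int destructor_throw_is_caught() {
    std::vector<std::vector<char>> args;
    bool suppressed = false;
    try {
        {
            throwing_guard g(&suppressed);
        }                                   // ~throwing_guard throws here
        args.push_back({});                 // never executed
    } catch (std::runtime_error const &) {
    }
    return suppressed ? -1 : static_cast<int>(args.size());
}

// Case 2: an exception is already propagating when the destructor runs; the
// guard suppresses its own throw so the original exception reaches its handler.
bool original_exception_survives_unwinding() {
    bool suppressed = false;
    bool caught_original = false;
    try {
        throwing_guard g(&suppressed);
        throw std::logic_error("original");
    } catch (std::logic_error const &) {
        caught_original = true;
    } catch (std::runtime_error const &) {
    }
    return caught_original && suppressed;
}
```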

Comment 1 Petr Machata 2018-04-07 23:45:39 UTC
(Seems to be reproducible on F 28 as well, with gcc-8.0.1-0.20.fc28.x86_64)

Comment 2 Marek Polacek 2018-04-13 02:09:37 UTC
Thanks for the bug report.  Seems to have started with gcc.gnu.org/r250360.

Comment 3 Jakub Jelinek 2018-04-13 08:25:23 UTC
Strange, I've bisected it to http://gcc.gnu.org/r254832 instead (admittedly, using g++ 7.x headers).

Comment 4 Marek Polacek 2018-08-10 14:15:52 UTC
Fixed in 8.0.1-0.22.

