------- Comment #11 from jason at gcc dot gnu dot org 2009-06-10 20:12 ------- I don't think it's possible to reproduce this in C because C doesn't have constructors, so it's obvious when the address is taken. Here's what's happening:
baz uses new to allocate an A with f=0,l=0, call it A' baz creates and returns a temporary H' with a=A',p=0,n=0 bar modifies A', setting f and l to &H'. (elided copy) main calls operator= to copy H' to g. this sets a=A',p=0,n=0 then bar sets g.p to &H', H'.n to &g and A'.l to &g. main destroys H'. H'.p is 0, so we set A'.f to H'.n, or &g. H'.n is &g, so we set g.p to H'.p, or 0. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40389
