http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59362
--- Comment #2 from Markus Trippelsdorf <octoploid at yandex dot com> ---
Reduced:
markus@x4 tmp % cat test.i
char *a;
long int b;
void enc_format() {
b = __builtin_object_size(0, 0);
a = __builtin___stpcpy_chk(0, "", b);
b = __builtin_object_size(a, 0);
}
markus@x4 tmp % gcc -c -O2 test.i
*** Error in `/usr/libexec/gcc/x86_64-pc-linux-gnu/4.9.0/cc1': free(): invalid
next size (fast): 0x00000000029aaab0 ***
======= Backtrace: =========
...
