https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78747
Bug ID: 78747
Summary: Duplicate _S_empty_rep_storage causes crash when
STV_HIDDEN
Product: gcc
Version: 6.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: jengelh at inai dot de
Target Milestone: ---
The following testcase produces a crashing program.
The gist seems to be that main.o and lib1.o each get a copy of the
std::basic_string<T>::Rep::_M_dispose function, and along with it, the
_ZNSbIDsSt11char_traitsIDsESaIDsEE4_Rep20_S_empty_rep_storageE symbol. They get
marked hidden by the used symbol visiblity file (see below), which means that
they will not be combined by the runtime linker, and each _M_dispose tests for
its own empty_rep only, leading to Undesired Behavior when one _M_dispose gets
the other _S_empty_rep_storage.
void
_M_dispose(const _Alloc& __a) _GLIBCXX_NOEXCEPT
{
#if _GLIBCXX_FULLY_DYNAMIC_STRING == 0
if (__builtin_expect(this != &_S_empty_rep(), false))
#endif
In other words, a situation arises which is loosely described in the gcc
manpage: "-fvisibility-inlines-hidden This switch declares that the user
does not attempt to compare pointers to inline functions or methods", but here,
we have a third case, a static object.
So, are version-scripts with local:* basically incompatible with C++? Trying to
figure out whether this is just a documentation RFE, or whether there is
something that could be done to libstdc++ to improve the situation (abandoning
pointerish comparisons?) Maybe bug #54173 is related too.
---main.cpp--
#include <string>
__attribute__((visibility("default"))) void l1_func(std::u16string &);
int main(void)
{
std::u16string a;
a.append(a);
l1_func(a);
return 0;
}
---lib1.cpp---
#include <string>
__attribute__((visibility("default"))) void l1_func(std::u16string &);
void l1_func(std::u16string &a) {
static const char16_t t[] = {41, 42};
a.append(t, 2);
}
---lib.sym---
ABC { global: *l1_func*; local: *; };
---makeit.sh---
g++ -std=gnu++11 lib1.cpp -shared -fPIC -o lib1.so -Wl,--version-script=lib.sym
g++ -std=gnu++11 ldr.cpp ./lib1.so
--- Observed behavior ---
11:13 zap:/dev/shm/t > ./mk
11:13 zap:/dev/shm/t > ./a.out
*** Error in `./a.out': free(): invalid pointer: 0x00000000006020a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x721af)[0x7f794e17c1af]
/lib64/libc.so.6(+0x779d6)[0x7f794e1819d6]
/lib64/libc.so.6(+0x78723)[0x7f794e182723]
./lib1.so(+0x149a)[0x7f794ed4b49a]
./lib1.so(+0x140d)[0x7f794ed4b40d]
./lib1.so(+0x11d0)[0x7f794ed4b1d0]
./lib1.so(+0xf19)[0x7f794ed4af19]
./lib1.so(+0xbd8)[0x7f794ed4abd8]
./lib1.so(_Z7l1_funcRSbIDsSt11char_traitsIDsESaIDsEE+0x24)[0x7f794ed4aaaa]
./a.out[0x4009de]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f794e12a6e5]
./a.out[0x400839]
Using built-in specs.
COLLECT_GCC=g++-6
COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/6/lto-wrapper
Target: x86_64-suse-linux
Configured with: ../configure --prefix=/usr --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64
--enable-languages=c,c++,objc,fortran,obj-c++,java,ada,go
--enable-offload-targets=hsa --enable-checking=release
--with-gxx-include-dir=/usr/include/c++/6 --enable-ssp --disable-libssp
--disable-libvtv --disable-libcc1 --disable-plugin
--with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux'
--disable-libgcj --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit
--enable-libstdcxx-allocator=new --disable-libstdcxx-pch
--with-default-libstdcxx-abi=gcc4-compatible
--enable-version-specific-runtime-libs --enable-linker-build-id
--enable-linux-futex --enable-gnu-indirect-function --program-suffix=-6
--without-system-libunwind --enable-multilib --with-arch-32=x86-64
--with-tune=generic --build=x86_64-suse-linux --host=x86_64-suse-linux
Thread model: posix
gcc version 6.2.1 20161121 [gcc-6-branch revision 242657] (SUSE Linux)
