https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104384
            Bug ID: 104384
           Summary: Heap corruption when initializing struct with co_await
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: max at duempel dot org
  Target Milestone: ---

Created attachment 52350
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52350&action=edit
Crashing demo program

When initializing struct members, and one struct member gets initialized with a
co_awaited value, the following struct members can be corrupted.

Tested with:
- gcc version 10.2.1 20210110 (Debian 10.2.1-6)
- gcc version 11.2.0 (Debian 11.2.0-16)
- gcc version 12.0.1 20220126 (experimental) [master r12-6872-gf3e6ef7d873]
  (Debian 12-20220126-1)

clang ("Debian clang version 11.0.1-2") is fine.

My demo program crashes like this:

 $ g++ -o cocrash2 cocrash2.cxx -fcoroutines -std=c++20 && valgrind ./cocrash2
 ==1947496== Memcheck, a memory error detector
 ==1947496== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
 ==1947496== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
 ==1947496== Command: ./cocrash2
 ==1947496==
 ==1947496== Invalid free() / delete / delete[] / realloc()
 ==1947496==    at 0x484008B: operator delete(void*, unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==1947496==    by 0x10C438: __gnu_cxx::new_allocator<char>::deallocate(char*, unsigned long) (in /tmp/cocrash2)
 ==1947496==    by 0x10C0EC: std::allocator_traits<std::allocator<char> >::deallocate(std::allocator<char>&, char*, unsigned long) (in /tmp/cocrash2)
 ==1947496==    by 0x10BE29: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_destroy(unsigned long) (in /tmp/cocrash2)
 ==1947496==    by 0x10B973: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() (in /tmp/cocrash2)
 ==1947496==    by 0x10B167: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() (in /tmp/cocrash2)
 ==1947496==    by 0x10AE5F: Foo::~Foo() (in /tmp/cocrash2)
 ==1947496==    by 0x10AA61: main (in /tmp/cocrash2)
 ==1947496==  Address 0x4db6d20 is 160 bytes inside a block of size 200 alloc'd
 ==1947496==    at 0x483EDEF: operator new(unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==1947496==    by 0x10A593: MakeFoo(bool) (in /tmp/cocrash2)
 ==1947496==    by 0x10A9F3: main (in /tmp/cocrash2)
 ==1947496==