[Bug c++/104872] Memory corruption in Coroutine with POD type

Wed, 02 Nov 2022 04:48:30 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104872

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-11-02
             Status|UNCONFIRMED                 |NEW

--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
       view: 0x60f000000050 default
       view: 0x60f0000000a0 generate
move-assign: 0x60f000000050 <= 0x60f000000080 default <= generate
   destruct: 0x60f000000080 
   destruct: 0x60f0000000a0 generate
   destruct: 0x60f000000050 generate
=================================================================
==624938==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0x60f0000000b0 in thread T0
    #0 0x7f559baa6898 in operator delete(void*)
/home/jwakely/src/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152
    #1 0x403260 in logging_string::~logging_string() /tmp/coro.C:21
    #2 0x4034e9 in wrapper::~wrapper() /tmp/coro.C:33
    #3 0x403695 in generator::promise_type::~promise_type() /tmp/coro.C:44
    #4 0x402b60 in generate /tmp/coro.C:81
    #5 0x402d90 in generate /tmp/coro.C:79
    #6 0x403815 in
std::__n4861::coroutine_handle<generator::promise_type>::destroy() const
/home/jwakely/gcc/13/include/c++/13.0.0/coroutine:242
    #7 0x4034cd in generator::~generator() /tmp/coro.C:72
    #8 0x402e45 in main /tmp/coro.C:87
    #9 0x7f559b4b850f in __libc_start_call_main (/lib64/libc.so.6+0x2950f)
(BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)
    #10 0x7f559b4b85c8 in __libc_start_main_impl (/lib64/libc.so.6+0x295c8)
(BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)
    #11 0x402294 in _start (/tmp/a.out+0x402294)

0x60f0000000b0 is located 112 bytes inside of 168-byte region
[0x60f000000040,0x60f0000000e8)
allocated by thread T0 here:
    #0 0x7f559baa5e58 in operator new(unsigned long)
/home/jwakely/src/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x40237f in generate /tmp/coro.C:81
    #2 0x402e2d in main /tmp/coro.C:85
    #3 0x7f559b4b850f in __libc_start_call_main (/lib64/libc.so.6+0x2950f)
(BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)

SUMMARY: AddressSanitizer: bad-free
/home/jwakely/src/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:152 in operator
delete(void*)
==624938==ABORTING


Probably another dup of PR 98401 or one of the other similar coro bugs.

Reply via email to