https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123578
--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> --- Valgrind says: ==742641== Invalid free() / delete / delete[] / realloc() ==742641== at 0x56E3E43: free (vg_replace_malloc.c:990) ==742641== by 0x8B122F: cxx_printable_name_internal(tree_node*, int, bool) (tree.cc:2866) ==742641== by 0x8B12E1: cxx_printable_name(tree_node*, int) (tree.cc:2877) ==742641== by 0xAEEA64: symtab_node::name() const (symtab.cc:576) ==742641== by 0xAEEA9C: symtab_node::get_dump_name(bool) const (symtab.cc:583) ==742641== by 0xAEEB16: symtab_node::dump_name() const (symtab.cc:595) ==742641== by 0xEC0868: analyze_function_body(cgraph_node*, bool) (ipa-fnsummary.cc:2915) ==742641== by 0xEC319C: compute_fn_summary(cgraph_node*, bool) (ipa-fnsummary.cc:3515) ==742641== by 0xEC3269: compute_fn_summary_for_current() (ipa-fnsummary.cc:3545) ==742641== by 0xEC8D9A: (anonymous namespace)::pass_local_fn_summary::execute(function*) (ipa-fnsummary.cc:5216) ==742641== by 0x110B607: execute_one_pass(opt_pass*) (passes.cc:2656) ==742641== by 0x110BA4B: execute_pass_list_1(opt_pass*) (passes.cc:2769) ==742641== Address 0x14ab74b0 is 0 bytes inside a block of size 226 free'd ==742641== at 0x56E3E43: free (vg_replace_malloc.c:990) ==742641== by 0x8B122F: cxx_printable_name_internal(tree_node*, int, bool) (tree.cc:2866) ==742641== by 0x8B12E1: cxx_printable_name(tree_node*, int) (tree.cc:2877) ==742641== by 0x9A11D3: c_genericize(tree_node*) (c-gimplify.cc:818) ==742641== by 0x4FBB92: cp_genericize(tree_node*) (cp-gimplify.cc:2612) ==742641== by 0x590F56: finish_function(bool) (decl.cc:20551) ==742641== by 0x8217F4: instantiate_body(tree_node*, tree_node*, tree_node*, bool) (pt.cc:28140) ==742641== by 0x8231BC: instantiate_decl(tree_node*, bool, bool) (pt.cc:28413) ==742641== by 0x82349C: instantiate_pending_templates(int) (pt.cc:28488) ==742641== by 0x5B33FE: c_parse_final_cleanups() (decl2.cc:5612) ==742641== by 0x9C6A5E: c_common_parse_file() (c-opts.cc:1440) ==742641== by 0x1296243: compile_file() (toplev.cc:455) ==742641== Block was alloc'd at ==742641== at 0x56E0B26: malloc (vg_replace_malloc.c:447) ==742641== by 0x32D797B: xmalloc (xmalloc.c:149) ==742641== by 0x32D7AAD: xstrdup (xstrdup.c:34) ==742641== by 0x8B1252: cxx_printable_name_internal(tree_node*, int, bool) (tree.cc:2868) ==742641== by 0x8B12E1: cxx_printable_name(tree_node*, int) (tree.cc:2877) ==742641== by 0x9A11D3: c_genericize(tree_node*) (c-gimplify.cc:818) ==742641== by 0x4FBB92: cp_genericize(tree_node*) (cp-gimplify.cc:2612) ==742641== by 0x590F56: finish_function(bool) (decl.cc:20551) ==742641== by 0x8217F4: instantiate_body(tree_node*, tree_node*, tree_node*, bool) (pt.cc:28140) ==742641== by 0x8231BC: instantiate_decl(tree_node*, bool, bool) (pt.cc:28413) ==742641== by 0x82349C: instantiate_pending_templates(int) (pt.cc:28488) ==742641== by 0x5B33FE: c_parse_final_cleanups() (decl2.cc:5612) but it is unclear to me how free call at the same line could have resulted in double free. It is a static var in the function: static char *print_ring[PRINT_RING_SIZE]; and free (print_ring[ring_counter]); print_ring[ring_counter] = xstrdup (lang_decl_name (decl, v, translate));
