Issue 91761
Summary Double-destruction (& double-construction) when statement-expression returns
Labels new issue
Assignees
Reporter higher-performance
It seems #85398 hasn't been quite fixed. In some sense, I think commit 89ba7e183e6e2c64370ed1b963e54c06352211db actually made things worse, because we now get a double-destruction (which is more likely to cause a security issue) instead of neglecting to run a destructor (which would've been more likely to cause a leak instead).

[Repro](https://godbolt.org/z/obP9dxE4a):

```
#include <stdio.h>
struct D {
    ~D()              { printf("[%p] D::~D()\n" , this); }
    D()               { printf("[%p] D::D()\n" , this); }
    D(int x)          { printf("[%p] D::D(int %d)\n" , this, x); }
    D(D const &other) { printf("[%p] D::D(D const & %p)\n", this, &other); }
};
struct S { D d; int i; };
static S f() { return S{ D(1), ({ return S(); 0; }) }; }
int main() { return f().i; }
```
Clang (trunk):
```
[0x7ffdfbc4df68] D::D(int 1)
[0x7ffdfbc4df68] D::D()
[0x7ffdfbc4df68] D::~D()
[0x7ffdfbc4df68] D::~D()
```
Clang 18.1.0:
```
[0x7fffa42f9e60] D::D(int 1)
[0x7fffa42f9e60] D::D()
[0x7fffa42f9e60] D::~D()
```

Expected behavior: The `D(1)` subobject should be destroyed before `S()` constructs an object on top of it.

Actual behavior: The object is constructed twice at the same location, _then_ destroyed twice at the same location.
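
An added example, not part of the original report or of the LLVM code base: a small checker that replays the two traces quoted above and counts constructors that ran on occupied storage and destructors that ran on empty storage. `Report` and `check_trace` are hypothetical names introduced here, and the model assumes one object per printed address.

```cpp
#include <cstdio>
#include <map>
#include <sstream>
#include <string>

// Traces copied from the report above (Clang trunk and Clang 18.1.0 output).
const char *const TRUNK_TRACE =
    "[0x7ffdfbc4df68] D::D(int 1)\n[0x7ffdfbc4df68] D::D()\n"
    "[0x7ffdfbc4df68] D::~D()\n[0x7ffdfbc4df68] D::~D()\n";
const char *const CLANG18_TRACE =
    "[0x7fffa42f9e60] D::D(int 1)\n[0x7fffa42f9e60] D::D()\n"
    "[0x7fffa42f9e60] D::~D()\n";

struct Report {
    int constructions = 0, destructions = 0;
    int ctor_on_live = 0;  // constructor ran on storage already holding an object
    int dtor_on_dead = 0;  // destructor ran on storage holding no object
};

// Replays "[addr] D::D(...)" / "[addr] D::~D()" lines, one object per address.
Report check_trace(const std::string &trace) {
    std::map<std::string, bool> live;  // address -> currently holds an object
    Report r;
    std::istringstream in(trace);
    std::string line;
    while (std::getline(in, line)) {
        std::size_t close = line.find("] D::");
        if (line.empty() || line[0] != '[' || close == std::string::npos) continue;
        bool &alive = live[line.substr(1, close - 1)];
        bool is_dtor = close + 5 < line.size() && line[close + 5] == '~';
        if (is_dtor) {
            ++r.destructions;
            if (!alive) ++r.dtor_on_dead;
            alive = false;
        } else {
            ++r.constructions;
            if (alive) ++r.ctor_on_live;
            alive = true;
        }
    }
    return r;
}

int main() {
    const char *const traces[] = {TRUNK_TRACE, CLANG18_TRACE};
    for (const char *t : traces) {
        Report r = check_trace(t);
        std::printf("ctor=%d dtor=%d ctor_on_live=%d dtor_on_dead=%d\n",
                    r.constructions, r.destructions, r.ctor_on_live, r.dtor_on_dead);
    }
}
```

Both traces show a constructor running on occupied storage; only the trunk trace also shows a destructor running on storage that no longer holds an object, while the 18.1.0 trace has one fewer destructor call than constructor calls.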