https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71867
Bug ID: 71867
Summary: Optimizer generates code dereferencing a null pointer
Product: gcc
Version: 5.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: vz-gcc at zeitlins dot org
Target Milestone: ---

First of all, I'd like to say that I'm reporting this bug because it looks like a rather bad problem in gcc to me, but I don't have any simple example reproducing it because I couldn't produce one even in spite of spending some time on this, so please feel free to close if you're not interested in debugging this.

The problem in question is that, according to the original bug report (see http://trac.wxwidgets.org/ticket/17483), code generated by gcc -O2 for this method (omitting parts of the class; you can see the full version at https://github.com/wxWidgets/wxWidgets/blob/v3.1.0/include/wx/rtti.h#L86):

    class wxClassInfo
    {
    public:
        ...

        bool IsKindOf(const wxClassInfo *info) const
        {
            return info != 0 &&
                   ( info == this ||
                     ( m_baseInfo1 && m_baseInfo1->IsKindOf(info) ) ||
                     ( m_baseInfo2 && m_baseInfo2->IsKindOf(info) ) );
        }

    private:
        const wxClassInfo *m_baseInfo1;
        const wxClassInfo *m_baseInfo2;
    };

generates code which crashes at run-time because the m_baseInfo1->IsKindOf() call is made even when m_baseInfo1 is null. The crash doesn't happen with -O0 or even with an attribute optimize("O0") applied to just this function.

Unfortunately, extracting this class and compiling just it with -O2 doesn't show the problem; there must be something else triggering it and making the optimizer assume that the pointers can never be null (which is true for almost all classes, but not for the root class of the hierarchy, which is constructed with null base class info pointers). And, again, I tried, but I couldn't find what it was.
Rewriting the expression as a sequence of statements, as done in https://github.com/wxWidgets/wxWidgets/commit/aa3acfdd15eff1519a41b48a2babe4cba75660f9, fixes the bug, so from my point of view this particular problem is solved, but, again, I find it rather worrying if the optimizer can miscompile quite straightforward code like the above, so I still wanted to report it.

If you'd like to look at it, please get any version of wxWidgets prior to the commit above (e.g. the 3.1.0 release) and build it under Windows.

Of course, please let me know if you need any more information -- other than a simple reproducible test case which I, unfortunately, just can't make.

Thanks in advance!
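The following is an added example, not code from the bug report or from wxWidgets: a minimal stand-in for wxClassInfo that keeps both the single-expression IsKindOf from the report and a sequence-of-statements rewrite (the shape of the workaround, not the exact wxWidgets commit), with a constructed hierarchy whose root has null base pointers. A check like this, built and run at each optimisation level, is the regression test that would have caught a miscompile of the short-circuit form before it shipped.

```cpp
// Added example; ClassInfo, IsKindOfExpr, IsKindOfStmt and the hierarchy
// below are assumptions for illustration, not wxWidgets code.
#include <cstddef>

struct ClassInfo {
    const ClassInfo *base1;
    const ClassInfo *base2;

    ClassInfo(const ClassInfo *b1 = nullptr, const ClassInfo *b2 = nullptr)
        : base1(b1), base2(b2) {}

    // Form from the report: one expression that relies on && short-circuiting
    // to keep base1/base2 from being dereferenced when they are null.
    bool IsKindOfExpr(const ClassInfo *info) const {
        return info != nullptr &&
               (info == this ||
                (base1 && base1->IsKindOfExpr(info)) ||
                (base2 && base2->IsKindOfExpr(info)));
    }

    // Workaround shape: every null check is its own statement, so each
    // dereference sits behind an explicit control-flow guard.
    bool IsKindOfStmt(const ClassInfo *info) const {
        if (info == nullptr) return false;
        if (info == this) return true;
        if (base1 != nullptr && base1->IsKindOfStmt(info)) return true;
        if (base2 != nullptr && base2->IsKindOfStmt(info)) return true;
        return false;
    }
};

// Constructed hierarchy: root <- a <- b, and c derives from b and mixin.
// Both root and mixin carry null base pointers, the case that crashed.
// Returns true when both forms agree for every (derived, base) pair and
// neither dereferences a null argument.
bool bothFormsAgree() {
    static const ClassInfo root;
    static const ClassInfo a(&root);
    static const ClassInfo b(&a);
    static const ClassInfo mixin;
    static const ClassInfo c(&b, &mixin);
    const ClassInfo *all[] = {&root, &a, &b, &mixin, &c};
    for (const ClassInfo *x : all)
        for (const ClassInfo *y : all)
            if (x->IsKindOfExpr(y) != x->IsKindOfStmt(y)) return false;
    return !root.IsKindOfExpr(nullptr) && !root.IsKindOfStmt(nullptr) &&
           c.IsKindOfExpr(&root) && c.IsKindOfStmt(&mixin) &&
           !mixin.IsKindOfExpr(&root) && !root.IsKindOfStmt(&c);
}
```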