https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80816

            Bug ID: 80816
           Summary: thread_local destructor on windows cause
                    use-after-free
           Product: gcc
           Version: 6.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ebarbaro at simteq dot com
  Target Milestone: ---

Created attachment 41382
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41382&action=edit
self contained example

Use of C++11 thread_local on mingw64 seems to suffer a use-after-free when the
thread_local object is destroyed.

The attached code prints "~foo():5" when executed normally. But if it is run
through gdb it prints "~foo():feeefeee".

"feeefeee" seems to be a magic number used by the Windows CRT debug HeapFree() to
mark deallocated blocks. It seems that the dynamic memory used to store the
thread_local object is freed before the thread_local destructor is called.


gcc --version

gcc.exe (Rev3, Built by MSYS2 project) 6.3.0
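
A self-checking sketch of the behaviour described in this report, added here as an example; it is not the reporter's attachment 41382, whose contents are not shown on this page. The member name `value` and the helper names are assumptions; only the `~foo():5` / `~foo():feeefeee` output format comes from the report.

```cpp
#include <atomic>
#include <cstdio>
#include <thread>

// What the destructor actually read from the object, and how often it ran.
static std::atomic<unsigned> g_seen_in_dtor{0};
static std::atomic<int> g_dtor_calls{0};

struct foo {
    unsigned value = 0;  // assumed member name, not taken from the attachment
    ~foo() {
        // Reads the object's own storage. If the runtime released the TLS
        // block before running this destructor, this read is a use-after-free.
        g_seen_in_dtor.store(value);
        g_dtor_calls.fetch_add(1);
        std::printf("~foo():%x\n", value);
    }
};

thread_local foo tls_foo;  // non-trivial destructor, run at thread exit

// Start a worker that stores `expected` in its thread_local object, wait for
// the thread (and its TLS destructors) to finish, and return what ~foo() saw.
unsigned value_seen_by_tls_destructor(unsigned expected) {
    g_dtor_calls = 0;
    std::thread worker([expected] { tls_foo.value = expected; });
    worker.join();
    return g_seen_in_dtor.load();
}

// The fill value the report observed under gdb in place of the stored 5.
bool looks_like_freed_heap(unsigned v) { return v == 0xfeeefeeeu; }

int main() {
    unsigned seen = value_seen_by_tls_destructor(5);
    if (seen == 5 && g_dtor_calls.load() == 1) return 0;  // object was intact
    std::fprintf(stderr, "destructor read %x%s\n", seen,
                 looks_like_freed_heap(seen) ? " (freed-heap fill)" : "");
    return 1;
}
```

Because the check compares the value read in the destructor against the value written earlier, it fails on any stale read, not only when the freed block happens to be filled with the `feeefeee` pattern.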
