https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61751
Bug ID: 61751
Summary: Empty brace-initializer causes double destruction of
unique_ptr
Product: gcc
Version: 4.8.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: perso...@e-maxx.ru
Created attachment 33091
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33091&action=edit
Full example.
Use of empty brace-initializer in default function argument causes strange
effects and, finally, crashes.
The minimal code is:
#include <memory>
class A {
std::unique_ptr<int> ptr_;
public:
A() : ptr_(new int(123))
{ }
A(A&& other) : ptr_(std::move(other.ptr_))
{ }
};
void f(A a)
{ }
void g(A a = {}) // replace "{}" with "A()" makes it work
{ f(std::move(a)); }
int main()
{ g(); }
There is a more detailed example in the attachment, which produces some debug
output, e.g.:
A() called [this=0x7ffffbac34f0, constructed unique_ptr=0xe18010]
A(A&&) called [this=0x7ffffbac34b0, other=0x7ffffbac34d0]
~A() called [this=0x7ffffbac34b0, unique_ptr=0xe18010]
~A() called [this=0x7ffffbac34f0, unique_ptr=0xe18010]
*** glibc detected *** ./a.out: double free or corruption (fasttop):
0x0000000000e18010 ***
On the contrary, using some correct version of compiler (I tried 4.6.3 and
4.9.0) we get:
A() called [this=0x7fff77c52810, constructed unique_ptr=0xe1c010]
A(A&&) called [this=0x7fff77c527e0, other=0x7fff77c52810]
~A() called [this=0x7fff77c527e0, unique_ptr=0xe1c010]
~A() called [this=0x7fff77c52810, unique_ptr=0]
As it can be seen, the difference is that the bogus version moves from object
that has never been constructed.
