https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63698
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fdumont at gcc dot gnu.org
Severity|normal |major
--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Francois, the bug is in _Reuse_or_alloc_node::_M_extract which returns a node
that has a child. When we reuse the node the child is lost.
The LHS of the assignment looks like this:
(gdb) p this->_M_impl._M_header
$1 = {_M_color = std::_S_red, _M_parent = 0x605010, _M_left = 0x605040,
_M_right = 0x605010}
(gdb) p *$1._M_left
$2 = {_M_color = std::_S_red, _M_parent = 0x605010, _M_left = 0x0, _M_right =
0x0}
(gdb) p *$1._M_right
$3 = {_M_color = std::_S_black, _M_parent = 0x7fffffffd668, _M_left = 0x605040,
_M_right = 0x0}
When that gets handed to the _Reuse_or_alloc_node
this->_M_impl._M_header._M_right->_M_parent gets set to null, so when
_M_extract returns 0x605010 it thinks it has no more nodes to reuse.
