https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66316
Bug ID: 66316
Summary: Usage of wrong template function for classes in
different modules but having the same name
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: trufanovan at gmail dot com
Target Milestone: ---
gcc version 4.9.2 (Ubuntu 4.9.2-10ubuntu13)
Full gcc -v output is here: http://pastebin.com/apZhYVUU
gcc is used via latest QtCreator. The problem is reproducible in debug build
mode only. Unfortunately, I don't know which gcc parameters Qt toolchain is
using with debug builds.
Additional parameters specified in my project file: -std=c++11 (may be
irrelevant - didn't check)
Original problem description:
https://github.com/JohnLangford/vowpal_wabbit/issues/655
Description:
Application has two .cpp modules. Let's say 1.cpp and 2.cpp.
In each module there is a definition of struct N. Name N is the same for both.
So we have two different structure declarations with the same name N. Compiler
gives ok for such naming as they are not exposed from their modules and used
internally in them. No namespaces are used.
And structures have different number of fields. One has 1 field and another is
6 fields long.
There is also a template function in a header file 3.h which is used in both (
1.cpp and 2.cpp) for objects allocation. It's:
template<class T>
T* calloc_or_die()
{
void* data = calloc(1, sizeof(T));
if (data == nullptr) throw std::exception();
return (T*)data;
}
Its usage:
N& data& = *calloc_or_die<N>(); // same usage for both modules
Both cpp files call this function each for its own structure N.
The problem is in following:
In debug builds compiler might use calloc_or_die<N> implementation of one
struct to allocate memory for another. As they have different number of fields
the sizeof(T) will be different. So you might allocate 8 bites (1 field struct)
but access it via pointer to struct with size 48 bites (6 field struct). In
this case if you once write something to fields #2-#6 the app will eventually
randomly crashes with SEGFAULT at some free() function call. free() may be
called even not for these classes. It just some memory corruption flag that
raised after accessing unallocated memory block or something like that.
Valgrind used with -fmudflap flag is able to detect line where memory
corruption happens. Thus I was able to debug this.
I believe that compiler mistakenly links to a wrong implementation of
calloc_or_die<N>. The problem was workarounded by simple renaming struct N
declaration in one of modules to M.
