cc1': double free or corruption (fasttop): 0x0000000003c15810 *)

aldyh at gcc dot gnu.org Thu, 01 Dec 2016 02:02:48 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78548


Aldy Hernandez <aldyh at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|c                           |middle-end

--- Comment #6 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
Among other things, the main problem here is that we save all the pred_chains
from preds[] into s_preds[], then we free all said pred_chains with
destroy_predicate_vecs(), but still keep a copy of the pred_chains in s_preds,
which we later try to free from normalize_preds():

  /* Now clean up the chain.  */
  if (simplified)
    {
      for (i = 0; i < n; i++)
        {
          if ((*preds)[i].is_empty ())
            continue;
          s_preds.safe_push ((*preds)[i]);
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
// Makes a copy of the pred_chain.
        }

      destroy_predicate_vecs (preds);
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
// free() all the pred_chain's.
      (*preds) = s_preds;
// ^^^^^^^^^^^^^^^^^^^^^^
// Wait a minute, we still keep a copy of the pred_chains.
      s_preds = vNULL;
    }

I have no idea how this worked even before my patch.

I'm testing a fix.

[Bug middle-end/78548] [7 Regression ]ICE on valid C code on x86_64-linux-gnu at -O2 and -O3 in 64-bit mode with -Wall (*** Error in `/usr/local/gcc-trunk/libexec/gcc/x86_64-pc-linux-gnu/7.0.0/cc1': double free or corruption (fasttop): 0x0000000003c15810 ***)

Reply via email to

[Bug middle-end/78548] [7 Regression ]ICE on valid C code on x86_64-linux-gnu at -O2 and -O3 in 64-bit mode with -Wall (* Error in `/usr/local/gcc-trunk/libexec/gcc/x86_64-pc-linux-gnu/7.0.0/cc1': double free or corruption (fasttop): 0x0000000003c15810 *)