https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84611
David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Last reconfirmed| |2018-02-28 CC| |dmalcolm at gcc dot gnu.org Summary|internal compiler error: in |[5/67/8 Regression] ICE in |operator[], at vec.h:826 |operator[], at vec.h:826 |(local_class_index()) |(local_class_index()) Ever confirmed|0 |1 --- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> --- Confirmed. 826 gcc_checking_assert (ix < m_vecpfx.m_num); (gdb) p ix $1 = 1 (gdb) p m_vecpfx.m_num $2 = 1 at: 1921 tree type = (*local_classes)[ix]; Bisecting with pre-built cc1plus binaries shows the ICE starts somewhere between r190000 and r190022. Doesn't ICE on my builds of 7, 6, or 5 (presumably due to checking being disabled), but running each of these under valgrind shows the bogus read: ==19292== Invalid read of size 8 ==19292== at 0x783FF4: local_class_index(tree_node*) (mangle.c:1958) ==19292== by 0x78726A: write_name(tree_node*, int) (mangle.c:1990) ==19292== by 0x787B16: write_type(tree_node*) (mangle.c:2841) ==19292== by 0x78EBDA: mangle_special_for_type(tree_node*, char const*) (mangle.c:4032) ==19292== by 0x7302AF: get_tinfo_decl(tree_node*) (rtti.c:417) ==19292== by 0x747A77: expand_start_catch_block(tree_node*) (except.c:380) ==19292== by 0x75ED8C: finish_handler_parms(tree_node*, tree_node*) (semantics.c:1327)