https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91675
            Bug ID: 91675
           Summary: Memory corruption with std::function
           Product: gcc
           Version: 9.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: mika.fischer at kit dot edu
  Target Milestone: ---

Created attachment 46835
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=46835&action=edit
Test case actually causing a SEGFAULT

The following minimal example leads to valgrind errors with GCC 9.1 and 9.2

I've also attached a longer example which reliably triggers a SEGFAULT for me.

----
#include <functional>

// Make this non-trivially-copyable so that std::function must put it on the heap
struct lambda {
    lambda() {}
    lambda(const lambda&) {}
    void operator()() const {}
};

// Ternary expression with throw is needed to trigger the issue
std::function<void()> safe_make_function(std::function<void()> f) {
    return f ? f : throw 1;
}

int main() {
    safe_make_function(lambda{});
}
----

Valgrind output:
----
==10264== Invalid free() / delete / delete[] / realloc()
==10264==    at 0x483A08B: operator delete(void*, unsigned long) (vg_replace_malloc.c:585)
==10264==    by 0x407B1D: std::_Function_base::_Base_manager<lambda>::_M_destroy(std::_Any_data&, std::integral_constant<bool, false>) (std_function.h:191)
==10264==    by 0x4079EB: std::_Function_base::_Base_manager<lambda>::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_operation) (std_function.h:215)
==10264==    by 0x4077EA: std::_Function_base::~_Function_base() (std_function.h:260)
==10264==    by 0x407845: std::function<void ()>::~function() (std_function.h:373)
==10264==    by 0x407757: main (minimal.cpp:16)
==10264==  Address 0x4bb1c80 is 0 bytes inside a block of size 1 free'd
==10264==    at 0x483A08B: operator delete(void*, unsigned long) (vg_replace_malloc.c:585)
==10264==    by 0x407B1D: std::_Function_base::_Base_manager<lambda>::_M_destroy(std::_Any_data&, std::integral_constant<bool, false>) (std_function.h:191)
==10264==    by 0x4079EB: std::_Function_base::_Base_manager<lambda>::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_operation) (std_function.h:215)
==10264==    by 0x4077EA: std::_Function_base::~_Function_base() (std_function.h:260)
==10264==    by 0x407845: std::function<void ()>::~function() (std_function.h:373)
==10264==    by 0x40774B: main (minimal.cpp:16)
==10264==  Block was alloc'd at
==10264==    at 0x4838DEF: operator new(unsigned long) (vg_replace_malloc.c:334)
==10264==    by 0x407A24: std::_Function_base::_Base_manager<lambda>::_M_init_functor(std::_Any_data&, lambda&&, std::integral_constant<bool, false>) (std_function.h:252)
==10264==    by 0x407939: std::_Function_base::_Base_manager<lambda>::_M_init_functor(std::_Any_data&, lambda&&) (std_function.h:223)
==10264==    by 0x4078B2: std::function<void ()>::function<lambda, void, void>(lambda) (std_function.h:677)
==10264==    by 0x40772C: main (minimal.cpp:16)
==10264==
==10264==
==10264== HEAP SUMMARY:
==10264==     in use at exit: 0 bytes in 0 blocks
==10264==   total heap usage: 2 allocs, 3 frees, 72,705 bytes allocated
==10264==
==10264== All heap blocks were freed -- no leaks are possible
----
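
Added example, not part of the original report or of GCC: a lifetime-tracking variant of the minimal test case that flags the double destruction from inside the program, for builds where valgrind is not available. The names tracked, lifetime_log, state and run_lifetime_check are hypothetical; safe_make_function is copied from the report.

```cpp
#include <cstdio>
#include <functional>
#include <set>

// Bookkeeping for every `tracked` object (hypothetical helper, not from the report).
struct lifetime_log {
    std::set<const void*> live;          // addresses of objects currently alive
    int constructed = 0, destroyed = 0;
    int bad_destroy = 0;                 // destructor ran on an address that was not alive
};
static lifetime_log& state() { static lifetime_log s; return s; }

// Same shape as the report's `lambda`: the user-provided copy constructor makes it
// non-trivially-copyable, so std::function keeps it on the heap.
struct tracked {
    tracked() { born(); }
    tracked(const tracked&) { born(); }
    ~tracked() {
        lifetime_log& s = state();
        ++s.destroyed;
        if (s.live.erase(this) == 0) {   // not alive: destroyed twice or never constructed
            ++s.bad_destroy;
            std::fprintf(stderr, "double destroy at %p\n", static_cast<const void*>(this));
        }
    }
    void operator()() const {}
private:
    void born() { lifetime_log& s = state(); ++s.constructed; s.live.insert(this); }
};

// The construct from the report: a ternary whose third operand is a throw-expression.
std::function<void()> safe_make_function(std::function<void()> f) {
    return f ? f : throw 1;
}

// Runs the reproducer once and returns a snapshot of the counters.
lifetime_log run_lifetime_check() {
    { safe_make_function(tracked{}); }   // every temporary is gone after this statement
    return state();
}

int main() {
    lifetime_log r = run_lifetime_check();
    std::printf("constructed=%d destroyed=%d bad_destroy=%d live=%zu\n",
                r.constructed, r.destroyed, r.bad_destroy, r.live.size());
    return (r.bad_destroy == 0 && r.live.empty()) ? 0 : 1;
}
```

A correct build exits 0 with constructed equal to destroyed; a build showing the valgrind trace above would report bad_destroy greater than 0 before the allocator sees the second delete.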