https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85046
Bug ID: 85046
Summary: cp/name-lookup.c:6175:53: runtime error: member access within null pointer of type 'struct cp_binding_level'
Product: gcc
Version: 8.0.1
Status: UNCONFIRMED
Keywords: ice-on-invalid-code
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: vegard.nossum at oracle dot com
CC: webrown.cpp at gmail dot com
Target Milestone: ---

Input:

void c() { { auto f(__builtin_offsetof( struct { void g(); int f; struct h { union g enum g {} enum e { a, b }; e ginline() { enum g {}; asm goto("" : : : : d); return a; d: return b; } }; }, f)); asm("" : "=d"(f) : ""(__builtin_object_size(__builtin_offsetof( struct { int f; struct {}; struct { } i; }, f), __builtin_extend_pointer({})))); [] {}; struct j { enum e { b }; e k() { asm goto("" : : : : d); try { } catch (int l) { struct m; struct n; } d: return b; class g { int g; }; } g o(); }; } struct g; }

Output:

$ cc1plus
void c()
<stdin>:8:45: error: multiple types in one declaration
c()::<unnamed struct>::h::e c()::<unnamed struct>::h::ginline() c()::<lambda()> static void c()::<lambda()>::_FUN() c()::<lambda()>::operator void (*)()() const c()::j::e c()::j::k()/home/vegard/git/gcc/gcc/cp/name-lookup.c:6175:53: runtime error: member access within null pointer of type 'struct cp_binding_level'
ASAN:SIGSEGV
=================================================================
==5446==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x0000038d5b44 bp 0x7fea893a1040 sp 0x7ffd56aadc50 T0)
    #0 0x38d5b43 in lookup_type_scope_1 /home/vegard/git/gcc/gcc/cp/name-lookup.c:6175
    #1 0x38d5b43 in lookup_type_scope(tree_node*, tag_scope) /home/vegard/git/gcc/gcc/cp/name-lookup.c:6240
    #2 0x25fb0cd in lookup_and_check_tag /home/vegard/git/gcc/gcc/cp/decl.c:13582
    #3 0x2602936 in xref_tag_1 /home/vegard/git/gcc/gcc/cp/decl.c:13696
    #4 0x2602936 in xref_tag(tag_types, tree_node*, tag_scope, bool) /home/vegard/git/gcc/gcc/cp/decl.c:13818
    #5 0x3f23b08 in cp_parser_elaborated_type_specifier /home/vegard/git/gcc/gcc/cp/parser.c:17920
    #6 0x3d1beb4 in cp_parser_type_specifier /home/vegard/git/gcc/gcc/cp/parser.c:16804
    #7 0x3f3fdff in cp_parser_decl_specifier_seq /home/vegard/git/gcc/gcc/cp/parser.c:13631
    #8 0x406701d in cp_parser_simple_declaration /home/vegard/git/gcc/gcc/cp/parser.c:12940
    #9 0x408425b in cp_parser_block_declaration /home/vegard/git/gcc/gcc/cp/parser.c:12885
    #10 0x409572f in cp_parser_declaration_statement /home/vegard/git/gcc/gcc/cp/parser.c:12478
    #11 0x3c88eb7 in cp_parser_statement /home/vegard/git/gcc/gcc/cp/parser.c:10927
    #12 0x3cad953 in cp_parser_statement_seq_opt /home/vegard/git/gcc/gcc/cp/parser.c:11276
    #13 0x3cbdaf1 in cp_parser_compound_statement /home/vegard/git/gcc/gcc/cp/parser.c:11230
    #14 0x3f962a8 in cp_parser_function_body /home/vegard/git/gcc/gcc/cp/parser.c:21792
    #15 0x3f962a8 in cp_parser_ctor_initializer_opt_and_function_body /home/vegard/git/gcc/gcc/cp/parser.c:21827
    #16 0x3fc3219 in cp_parser_function_definition_after_declarator /home/vegard/git/gcc/gcc/cp/parser.c:26842
    #17 0x403cdf5 in cp_parser_function_definition_from_specifiers_and_declarator /home/vegard/git/gcc/gcc/cp/parser.c:26759
    #18 0x403cdf5 in cp_parser_init_declarator /home/vegard/git/gcc/gcc/cp/parser.c:19504
    #19 0x4069481 in cp_parser_simple_declaration /home/vegard/git/gcc/gcc/cp/parser.c:13067
    #20 0x408425b in cp_parser_block_declaration /home/vegard/git/gcc/gcc/cp/parser.c:12885
    #21 0x41bb8ee in cp_parser_declaration /home/vegard/git/gcc/gcc/cp/parser.c:12782
    #22 0x4188c5f in cp_parser_declaration_seq_opt /home/vegard/git/gcc/gcc/cp/parser.c:12658
    #23 0x419308b in cp_parser_translation_unit /home/vegard/git/gcc/gcc/cp/parser.c:4563
    #24 0x419308b in c_parse_file() /home/vegard/git/gcc/gcc/cp/parser.c:39019
    #25 0x613101d in c_common_parse_file() /home/vegard/git/gcc/gcc/c-family/c-opts.c:1132
    #26 0x10cb4551 in compile_file /home/vegard/git/gcc/gcc/toplev.c:455
    #27 0x14c07ed in do_compile /home/vegard/git/gcc/gcc/toplev.c:2132
    #28 0x14c07ed in toplev::main(int, char**) /home/vegard/git/gcc/gcc/toplev.c:2267
    #29 0x14eca1c in main /home/vegard/git/gcc/gcc/main.c:39
    #30 0x7fea8d77d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #31 0x14ef478 in _start (/home/vegard/personal/programming/gcc/install/libexec/gcc/x86_64-pc-linux-gnu/8.0.1/cc1plus+0x14ef478)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/vegard/git/gcc/gcc/cp/name-lookup.c:6175 lookup_type_scope_1
==5446==ABORTING

$ cc1plus -version
GNU C++14 (GCC) version 8.0.1 20180322 (experimental) (x86_64-pc-linux-gnu)
        compiled by GNU C version 5.4.1 20160904, GMP version 6.1.0, MPFR version 3.1.4, MPC version 1.0.3, isl version none

Test case was minimised by C-Reduce, but it's still quite large so maybe I screwed something up with the ASAN output.

I looked for duplicates as I thought some of the functions near the top of the stack trace looked familiar, but I didn't find anything. Apologies in advance if it's a dup.