The issue is that for the push/pop macro the old state of the macro (a
cpp_macro reference) is stored. As this structure is handled by GC without a
root, all get free'ed when garbage collection happens.
This gc can lead to issues when such a saved node gets undefined and the node,
which previously hold the cpp_macro reference, gets reused for a different
macro. As the linked in the saved macro list isn't under control of gc and it
doesn't have a gc root element, the stored reference gets invalid in such cases
and can lead to segmentation faults due access to already free'ed memory.
--
Summary: Dangling reference about saved cpp_macro for push/pop
macro
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: preprocessor
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: ktietz at gcc dot gnu dot org
GCC target triplet: *-*-*
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45362
