Created attachment 33091 [details]
Full example.

Use of empty brace-initializer in default function argument causes strange effects and, finally, crashes.

The minimal code is:


#include <memory>

class A {
    std::unique_ptr<int> ptr_;
public:
    A() : ptr_(new int(123))
    { }
    A(A&& other) : ptr_(std::move(other.ptr_))
    { }
};

void f(A a)
{ }

void g(A a = {}) // replace "{}" with "A()" makes it work
{ f(std::move(a)); }

int main()
{ g(); }


There is a more detailed example in the attachment, which produces some debug output, e.g.:

A() called [this=0x7ffffbac34f0, constructed unique_ptr=0xe18010]
A(A&&) called [this=0x7ffffbac34b0, other=0x7ffffbac34d0]
~A() called [this=0x7ffffbac34b0, unique_ptr=0xe18010]
~A() called [this=0x7ffffbac34f0, unique_ptr=0xe18010]
*** glibc detected *** ./a.out: double free or corruption (fasttop): 0x0000000000e18010 ***

On the contrary, using some correct version of compiler (I tried 4.6.3 and 4.9.0) we get:

A() called [this=0x7fff77c52810, constructed unique_ptr=0xe1c010]
A(A&&) called [this=0x7fff77c527e0, other=0x7fff77c52810]
~A() called [this=0x7fff77c527e0, unique_ptr=0xe1c010]
~A() called [this=0x7fff77c52810, unique_ptr=0]

As it can be seen, the difference is that the bogus version moves from object that has never been constructed.