Bug 80816 - thread_local destructor on windows cause use-after-free
Summary: thread_local destructor on windows cause use-after-free
Alias: None
Product: gcc
Classification: Unclassified
Component: libstdc++
Version: 6.3.0
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2017-05-18 14:57 UTC by Ennio Barbaro
Modified: 2021-08-27 09:33 UTC

See Also:
Target: mingw
Known to work:
Known to fail:
Last reconfirmed:

self contained example (185 bytes, text/x-csrc)
2017-05-18 14:57 UTC, Ennio Barbaro

Description Ennio Barbaro 2017-05-18 14:57:18 UTC
Created attachment 41382
self contained example

Use of C++11 thread_local on mingw64 seems to suffer a use-after-free when the thread_local object is destroyed.

The attached code prints "~foo():5" when executed normally. But if it is run through gdb it prints "~foo():feeefeee".

"feeefeee" seems to be a magic number used by the Windows CRT debug HeapFree() to mark deallocated blocks. It seems that the dynamic memory used to store the thread_local object is freed before the thread_local destructor is called.

gcc --version

gcc.exe (Rev3, Built by MSYS2 project) 6.3.0
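
A canary check for the behaviour described in this report, added here as an example; it is not attachment 41382 and not code from the reporter or from GCC. The layout of foo, the names Result and check_tls_destructors, and the thread count are assumptions; the values 5 and feeefeee are the ones quoted in the report.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <thread>
#include <vector>

namespace {
constexpr std::uint32_t kCanary = 5;              // value the report expects ~foo() to print
constexpr std::uint32_t kFreedFill = 0xfeeefeee;  // fill pattern quoted in the report

std::atomic<int> g_destroyed{0};   // destructors that ran
std::atomic<int> g_corrupted{0};   // destructors that read something other than kCanary
std::atomic<int> g_freed_fill{0};  // destructors that read kFreedFill

struct foo {
    volatile std::uint32_t value = kCanary;  // volatile forces a real load in ~foo()
    ~foo() {
        std::uint32_t seen = value;
        std::printf("~foo():%x\n", static_cast<unsigned>(seen));
        ++g_destroyed;
        if (seen != kCanary) ++g_corrupted;      // storage changed before destruction
        if (seen == kFreedFill) ++g_freed_fill;  // storage carries the freed-block fill
    }
};

thread_local foo tls_foo;  // one instance per thread, destroyed at thread exit
}  // namespace

struct Result { int destroyed; int corrupted; int freed_fill; };

// Start n threads that each touch tls_foo, join them, and report what the
// destructors observed. A runtime without the defect yields corrupted == 0.
Result check_tls_destructors(int n) {
    g_destroyed = 0; g_corrupted = 0; g_freed_fill = 0;
    std::vector<std::thread> threads;
    for (int i = 0; i < n; ++i)
        threads.emplace_back([] { (void)tls_foo.value; });  // first use constructs tls_foo
    for (auto& t : threads) t.join();  // ~foo() runs as each thread exits
    return {g_destroyed.load(), g_corrupted.load(), g_freed_fill.load()};
}

int main() {
    Result r = check_tls_destructors(8);
    std::printf("destroyed=%d corrupted=%d freed_fill=%d\n",
                r.destroyed, r.corrupted, r.freed_fill);
    return (r.destroyed == 8 && r.corrupted == 0) ? 0 : 1;  // non-zero exit flags the defect
}
```

Because the report sees the fill pattern only when running under gdb, the check is most useful when run both normally and under a debugger or heap checker on the affected target.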