This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c++/52967] Segmentation fault on std::vector destruction


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52967

--- Comment #3 from Dmitry Gerasimov <karlicoss at gmail dot com> 2012-04-13 08:44:10 UTC ---
(In reply to comment #1)
> I don't know if this is not undefined code.
> >    v[0].a = run();
> 
> Is this:
> double &a = v[0].a;
> a = run();
> Or:
> double tmp = run();
> v[0].a = tmp;
> 
> I think both are correct because of the way the C++ standard defines =.

Ok, I got this.
If v[0].a = run(); is equivalent to double &a = v[0].a; a = run();, we:
1. calculate the address of a;
2. recurse into run;
3. push_back, causing the vector to increase its capacity and reallocate its
memory, which makes a point to free memory.
I guess I should mark bug as Invalid?
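
The sequence described in the comment above, as an added example that is not part of the original message or the bug report's test case: it records the address of v[0].a before and after a call that does push_back, then shows the order-independent form. The Item type, reset(), address_goes_stale() and safe_assign() are hypothetical names, and run() here is only a stand-in for the reporter's function.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct Item { double a; };          // hypothetical element type
static std::vector<Item> v;         // stands in for the vector in the report

// Fill v so that size() == capacity(): the next push_back must reallocate.
static void reset() {
    std::vector<Item> fresh(1, Item{1.0});
    while (fresh.size() < fresh.capacity()) fresh.push_back(Item{0.0});
    v.swap(fresh);
}

// Stand-in for run(): grows the vector before returning its result.
double run() {
    v.push_back(Item{0.0});
    return 42.0;
}

// Records where v[0].a lives before and after run(). The old address is kept
// as an integer and never dereferenced, so this function has no UB itself.
bool address_goes_stale() {
    reset();
    auto before = reinterpret_cast<std::uintptr_t>(&v[0].a);
    run();
    auto after = reinterpret_cast<std::uintptr_t>(&v[0].a);
    return before != after;
}

// Order-independent form: finish the call first, then index the vector.
double safe_assign() {
    reset();
    double tmp = run();
    v[0].a = tmp;
    return v[0].a;
}

int main() {
    std::printf("stale address after run(): %s\n", address_goes_stale() ? "yes" : "no");
    std::printf("safe_assign() stored: %g\n", safe_assign());
    return 0;
}
```

Since C++17 the right operand of = is sequenced before the left one, so v[0].a = run(); is well defined there; under earlier standards the order is unspecified and the temporary-variable form is the portable one.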

