[Bug c++/61288] valgrind finds problem in build_conditional_expr_1

kcc at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Jul 11 09:04:00 GMT 2014 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61288

Kostya Serebryany <kcc at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-07-11
                 CC|                            |kcc at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
I see this bug as well while running asan-ified or msan-ified gcc r212448
Besides just being a bug it also prevents me from testing gcc with asan and
msan

Minimized reproducer coming soon. 


==6753==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210001c49a8
at pc 0x5df403 bp 0x7fff67fe9a70 sp 0x7fff67fe9a68
READ of size 1 at 0x6210001c49a8 thread T0
    #0 0x5df402 in build_conditional_expr_1 gcc/cp/call.c:4842:11
    #1 0x5db148 in build_conditional_expr gcc/cp/call.c:5089:9
    #2 0x965849 in build_x_conditional_expr gcc/cp/typeck.c:6073:10
    #3 0x88f88d in cp_parser_question_colon_clause gcc/cp/parser.c:8146:10
    #4 0x88f88d in cp_parser_assignment_expression gcc/cp/parser.c:8185

0x6210001c49a8 is located 168 bytes inside of 4064-byte region
[0x6210001c4900,0x6210001c58e0)
freed by thread T0 here:
    #0 0x5a3871 in free
    #1 0x7fa9dca702a7 in obstack_free 
    #2 0x5dcf0a in build_conditional_expr_1 gcc/cp/call.c:4822:7
    #3 0x5db148 in build_conditional_expr gcc/cp/call.c:5089:9
    #4 0x965849 in build_x_conditional_expr gcc/cp/typeck.c:6073:10
    #5 0x88f88d in cp_parser_question_colon_clause gcc/cp/parser.c:8146:10
    #6 0x88f88d in cp_parser_assignment_expression gcc/cp/parser.c:8185

previously allocated by thread T0 here:
    #0 0x5a3b49 in __interceptor_malloc
    #1 0x2907384 in xmalloc 
    #2 0x7fa9dca701c5 in _obstack_newchunk
/build/buildd/eglibc-2.15/malloc/obstack.c:271
    #3 0x5ce9c6 in conversion_obstack_alloc gcc/cp/call.c:615:7
    #4 0x5c7029 in alloc_conversion gcc/cp/call.c:724:22
    #5 0x5c7029 in build_identity_conv gcc/cp/call.c:1049
    #6 0x5c7029 in build_user_type_conversion_1 gcc/cp/call.c:3620
    #7 0x5d0297 in implicit_conversion gcc/cp/call.c:1820:14
    #8 0x5dbf3f in build_conditional_expr_1 gcc/cp/call.c:4769:15
    #9 0x5db148 in build_conditional_expr gcc/cp/call.c:5089:9
    #10 0x965849 in build_x_conditional_expr gcc/cp/typeck.c:6073:10
    #11 0x88f88d in cp_parser_question_colon_clause gcc/cp/parser.c:8146:10
    #12 0x88f88d in cp_parser_assignment_expression gcc/cp/parser.c:8185

More information about the Gcc-bugs mailing list