[Bug c++/80665] New: dynamic cast on nullptr leads to segfault

abenkhadra at protonmail dot com gcc-bugzilla@gcc.gnu.org
Mon May 8 09:39:00 GMT 2017


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80665

            Bug ID: 80665
           Summary: dynamic cast on nullptr leads to segfault
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: abenkhadra at protonmail dot com
  Target Milestone: ---

Dynamic casts on nullptr should return nullptr as per C++ Standard §5.2.7/4.
However, g++ v6.2 segfaults while executing a dynamic_cast wrapped in a
non-virtual method belonging to a parent class. The assumed bug is produced
only at optimization levels higher than -O0.

That is, the code snippet with the following flags doesn't produce the bug

g++ -std=c++11  -Wall -Wextra -Wpedantic -O0 main.cpp -o test

However, compiling it with the following flags does produce a segfault 

g++ -std=c++11  -Wall -Wextra -Wpedantic -O2 main.cpp -o test

Note that the following code snippet works on clang v3.8 and g++ v5.4 without
problems. 

Code snippet:
-------------

#include <iostream>
class Base{
public:
    int foo;

template<typename T>
T* as()
{
    return dynamic_cast<T*>(this);
}
  virtual ~Base() = default;
};

class Derived: public Base {
public:
  int bar;
};

int main(void) {
    Derived* fst_ptr = nullptr;
    std::cout << "g++ 6.2 segfaults executing next statement" << std::endl;
    Derived* snd_ptr = fst_ptr->as<Derived>();
    std::cout << "Other compilers segfault on last statement as expected" <<
std::endl;
    return (*snd_ptr).foo;
}



Platform:
---------
Used the prepackaged binary of g++ v6.2 for Ubuntu 16.04.2 

Compiler details:
--------------------
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
6.2.0-3ubuntu11~16.04' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-6 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib
--disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686
--with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib
--with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 6.2.0 20160901 (Ubuntu 6.2.0-3ubuntu11~16.04) 
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-std=c++11' '-Wall' '-Wextra'
'-Wpedantic' '-O0' '-o' 'test' '-shared-libgcc' '-mtune=generic'
'-march=x86-64'
 /usr/lib/gcc/x86_64-linux-gnu/6/cc1plus -E -quiet -v -imultiarch
x86_64-linux-gnu -D_GNU_SOURCE main.cpp -mtune=generic -march=x86-64 -std=c++11
-Wall -Wextra -Wpedantic -O0 -fpch-preprocess -fstack-protector-strong
-Wformat-security -o main.ii
ignoring duplicate directory "/usr/include/x86_64-linux-gnu/c++/6"
ignoring nonexistent directory "/usr/local/include/x86_64-linux-gnu"
ignoring nonexistent directory
"/usr/lib/gcc/x86_64-linux-gnu/6/../../../../x86_64-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/include/c++/6
 /usr/include/x86_64-linux-gnu/c++/6
 /usr/include/c++/6/backward
 /usr/lib/gcc/x86_64-linux-gnu/6/include
 /usr/local/include
 /usr/lib/gcc/x86_64-linux-gnu/6/include-fixed
 /usr/include/x86_64-linux-gnu
 /usr/include
End of search list.
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-std=c++11' '-Wall' '-Wextra'
'-Wpedantic' '-O0' '-o' 'test' '-shared-libgcc' '-mtune=generic'
'-march=x86-64'
 /usr/lib/gcc/x86_64-linux-gnu/6/cc1plus -fpreprocessed main.ii -quiet
-dumpbase main.cpp -mtune=generic -march=x86-64 -auxbase main -O0 -Wall -Wextra
-Wpedantic -std=c++11 -version -fstack-protector-strong -Wformat-security -o
main.s
GNU C++11 (Ubuntu 6.2.0-3ubuntu11~16.04) version 6.2.0 20160901
(x86_64-linux-gnu)
        compiled by GNU C version 6.2.0 20160901, GMP version 6.1.0, MPFR
version 3.1.4, MPC version 1.0.3, isl version 0.15
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
GNU C++11 (Ubuntu 6.2.0-3ubuntu11~16.04) version 6.2.0 20160901
(x86_64-linux-gnu)
        compiled by GNU C version 6.2.0 20160901, GMP version 6.1.0, MPFR
version 3.1.4, MPC version 1.0.3, isl version 0.15
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 23988a38771f71e4676d56931fe884f7
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-std=c++11' '-Wall' '-Wextra'
'-Wpedantic' '-O0' '-o' 'test' '-shared-libgcc' '-mtune=generic'
'-march=x86-64'
 as -v --64 -o main.o main.s
GNU assembler version 2.26.1 (x86_64-linux-gnu) using BFD version (GNU Binutils
for Ubuntu) 2.26.1
COMPILER_PATH=/usr/lib/gcc/x86_64-linux-gnu/6/:/usr/lib/gcc/x86_64-linux-gnu/6/:/usr/lib/gcc/x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/6/:/usr/lib/gcc/x86_64-linux-gnu/
LIBRARY_PATH=/usr/lib/gcc/x86_64-linux-gnu/6/:/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/:/usr/lib/gcc/x86_64-linux-gnu/6/../../../../lib/:/lib/x86_64-linux-gnu/:/lib/../lib/:/usr/lib/x86_64-linux-gnu/:/usr/lib/../lib/:/usr/lib/gcc/x86_64-linux-gnu/6/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-std=c++11' '-Wall' '-Wextra'
'-Wpedantic' '-O0' '-o' 'test' '-shared-libgcc' '-mtune=generic'
'-march=x86-64'
 /usr/lib/gcc/x86_64-linux-gnu/6/collect2 -plugin
/usr/lib/gcc/x86_64-linux-gnu/6/liblto_plugin.so
-plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
-plugin-opt=-fresolution=main.res -plugin-opt=-pass-through=-lgcc_s
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc --sysroot=/
--build-id --eh-frame-hdr -m elf_x86_64 --hash-style=gnu --as-needed
-dynamic-linker /lib64/ld-linux-x86-64.so.2 -z relro -o test
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/crt1.o
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/6/crtbegin.o -L/usr/lib/gcc/x86_64-linux-gnu/6
-L/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/6/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/6/../../.. main.o -lstdc++ -lm -lgcc_s -lgcc
-lc -lgcc_s -lgcc /usr/lib/gcc/x86_64-linux-gnu/6/crtend.o
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/crtn.o
COLLECT_GCC_OPTIONS='-v' '-save-temps' '-std=c++11' '-Wall' '-Wextra'
'-Wpedantic' '-O0' '-o' 'test' '-shared-libgcc' '-mtune=generic'
'-march=x86-64'


More information about the Gcc-bugs mailing list