[LLVMbugs] [Bug 13097] New: Accessing member of temporary via pointer-to-member-variable results in bad code

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Jun 12 17:18:38 PDT 2012


http://llvm.org/bugs/show_bug.cgi?id=13097

             Bug #: 13097
           Summary: Accessing member of temporary via
                    pointer-to-member-variable results in bad code
           Product: clang
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: release blocker
          Priority: P
         Component: C++
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: tim at rethinkdb.com
                CC: dgregor at apple.com, llvmbugs at cs.uiuc.edu
    Classification: Unclassified


clang++ accepts the following C++ program, but when the program is executed, it
does a double free:

    #include <iostream>
    #include <string>
    struct Object {
        std::string field;
    };
    Object get1() {
        Object o;
        o.field = "Hello, World!";
        return o;
    }
    std::string get2(std::string Object::*field) {
        return get1().*field;
    }
    int main(void) {
        std::cout << get2(&Object::field) << std::endl;
        return 0;
    }

If `field` is an `int` instead of a `std::string`, the program works properly,
even under Valgrind. If the result of "get1()" is put in a local variable and
then the field is extracted from that local variable instead of directly from
the temporary, then the program works properly.

This has been reproduced on clang++ version 3.2 (trunk 158375) on x86_64 on
Linux.

A similar program tripped an assertion in clang-bot on the #llvm IRC channel,
but we were unable to reproduce the assertion failure by building clang with
assertions on our machine. The beginning of the error message was, "clang:
/usr/opt/llvm-project/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp:1206: void
clang::CodeGen::CodeGenFunction::EmitAggregateCopy(llvm::Value *, llvm::Value
*, clang::QualType, bool, unsigned int): Assertion
`(Record->hasTrivialCopyConstructor() || Record->hasTrivialCopyAssignment() ||
Record->h"; unfortunately, IRC cut off the rest.

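The following is an added example, not part of the original report: a Valgrind-free check for the two forms the report compares, using a member type that counts its own constructor and destructor calls. `Tracked`, `get2_direct`, `get2_local` and `imbalance` are hypothetical names introduced here; a destructor running on an object that was never constructed shows up as a positive imbalance.

```cpp
#include <iostream>
#include <string>

// Constructed stand-in for std::string that counts constructor and destructor calls.
struct Tracked {
    static int ctors, dtors;
    std::string value;
    Tracked() { ++ctors; }
    Tracked(const char* s) : value(s) { ++ctors; }
    Tracked(const Tracked& o) : value(o.value) { ++ctors; }
    Tracked& operator=(const Tracked& o) { value = o.value; return *this; }
    ~Tracked() { ++dtors; }
};
int Tracked::ctors = 0;
int Tracked::dtors = 0;

struct Object { Tracked field; };

Object get1() {
    Object o;
    o.field = "Hello, World!";
    return o;
}

// Form from the report: the member is read straight off the temporary.
Tracked get2_direct(Tracked Object::*field) { return get1().*field; }

// Workaround from the report: name the object, then read the member.
Tracked get2_local(Tracked Object::*field) {
    Object o = get1();
    return o.*field;
}

// Destructor calls minus constructor calls for one call of fn, counted after
// the returned copy has also been destroyed. 0 means every object was
// constructed once and destroyed once.
int imbalance(Tracked (*fn)(Tracked Object::*)) {
    Tracked::ctors = 0;
    Tracked::dtors = 0;
    { Tracked copy = fn(&Object::field); }
    return Tracked::dtors - Tracked::ctors;
}

int main() {
    std::cout << "direct: " << imbalance(get2_direct)
              << "  local: " << imbalance(get2_local) << "\n";
    return imbalance(get2_direct) != 0 || imbalance(get2_local) != 0;
}
```

On a compiler that handles the temporary correctly both forms report 0 and the process exits with status 0.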