http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53706
--- Comment #8 from Uros Bizjak <ubizjak at gmail dot com> 2012-06-21 06:55:50 UTC ---
(In reply to comment #6)
> Created attachment 27648 [details]
> gcc48-pr53706.patch
>
> The attached patch fixes the problem for me. Alex, what do you think about
> it?

With this patch, I still see invalid write, but the path is a bit different
(through vt_finalize instead of vt_emit_nodes):

tree_node* shortcut_cond_r(tree, tree_node**, tree_node**, location_t)
==27489== Invalid write of size 8
==27489==    at 0xBD719E: variable_htab_free (var-tracking.c:1418)
==27489==    by 0xD7361A: htab_delete (hashtab.c:430)
==27489==    by 0xBD17B3: vt_finalize (var-tracking.c:9792)
==27489==    by 0xBE447F: variable_tracking_main (var-tracking.c:9839)
==27489==    by 0xC018A5: ia64_reorg (ia64.c:9833)
==27489==    by 0x98BF09: rest_of_handle_machine_reorg (reorg.c:4151)
==27489==    by 0x93F736: execute_one_pass (passes.c:2164)
==27489==    by 0x93FAE4: execute_pass_list (passes.c:2219)
==27489==    by 0x93FAF6: execute_pass_list (passes.c:2220)
==27489==    by 0x93FAF6: execute_pass_list (passes.c:2220)
==27489==    by 0x73DE47: expand_function (cgraphunit.c:1615)
==27489==    by 0x73F736: compile (cgraphunit.c:1720)
==27489==  Address 0xb853708 is 120 bytes inside a block of size 2,568 free'd
==27489==    at 0x4A05D21: free (vg_replace_malloc.c:325)
==27489==    by 0x6D42E7: empty_alloc_pool (alloc-pool.c:210)
==27489==    by 0x6D4358: free_alloc_pool (alloc-pool.c:230)
==27489==    by 0xBE421F: vt_emit_notes (var-tracking.c:9131)
==27489==    by 0xBE4471: variable_tracking_main (var-tracking.c:9875)
==27489==    by 0xC018A5: ia64_reorg (ia64.c:9833)
==27489==    by 0x98BF09: rest_of_handle_machine_reorg (reorg.c:4151)
==27489==    by 0x93F736: execute_one_pass (passes.c:2164)
==27489==    by 0x93FAE4: execute_pass_list (passes.c:2219)
==27489==    by 0x93FAF6: execute_pass_list (passes.c:2220)
==27489==    by 0x93FAF6: execute_pass_list (passes.c:2220)
==27489==    by 0x73DE47: expand_function (cgraphunit.c:1615)
==27489==