http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59470
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
So, debugging and inspection shows that it is the
_ZNKSt7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE12_M_group_intEPKcjcRSt8ios_basePcS9_Ri
call in the _M_insert_int method that gets bogus arguments, in particular
the __new argument for it, which is supposed to be what the second alloca
returned plus 2, has the same value as the next argument __cs, both are set to
the result of the first alloca + 20 - __len (8 on this testcase).
In the assembly one can easily see it:
movl %ecx, 28(%esp)
movl -84(%ebp), %ecx
movl %edx, 24(%esp) <--- here, correct value
movl %edx, 20(%esp) <--- here, incorrect value
movsbl 37(%edi), %edx
movl %eax, 8(%esp)
movl %ecx, 4(%esp)
movl -72(%ebp), %ecx
movl %edx, 12(%esp)
movl %ecx, (%esp)
call
_ZNKSt7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE12_M_group_intEPKcjcRSt8ios_basePcS9_Ri@PLT
