https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90959
Bug ID: 90959
Summary: hash_map can be copied but leads to a double-free
after assignment
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
While beefing up the tests for bug 90923 I came across yet another bug in
hash_map. The container defines a copy ctor but no assignment operator, and so
while copying a container of PODs seems to do the right thing, assigning one to
another makes them share storage and ultimately leads to a double free. Below
is a simple test case that demonstrates this:
{
typedef hash_map <void*, int> Map;
{
Map m1;
void *p = &p;
m1.put (p, 1);
Map m2;
m2 = m1;
}
Map m3;
}
double free or corruption (!prev)
cc1: internal compiler error: Aborted
0x11a4b99 crash_signal
/src/gcc/git-svn/gcc/toplev.c:326
0x21447f9 xcallocator<hash_map<void*, int,
simple_hashmap_traits<default_hash_traits<void*>, int>
>::hash_entry>::data_free(hash_map<void*, int,
simple_hashmap_traits<default_hash_traits<void*>, int> >::hash_entry*)
/src/gcc/git-svn/gcc/hash-table.h:282
0x21439ab hash_table<hash_map<void*, int,
simple_hashmap_traits<default_hash_traits<void*>, int> >::hash_entry, false,
xcallocator>::~hash_table()
/src/gcc/git-svn/gcc/hash-table.h:677
0x2143421 hash_map<void*, int,
simple_hashmap_traits<default_hash_traits<void*>, int> >::~hash_map()
/src/gcc/git-svn/gcc/hash-map.h:30
0x2140e18 test_map_of_type_with_ctor_and_dtor
/src/gcc/git-svn/gcc/hash-map-tests.c:152
0x2141e3d selftest::hash_map_tests_c_tests()
/src/gcc/git-svn/gcc/hash-map-tests.c:257
0x20da1c5 selftest::run_tests()
/src/gcc/git-svn/gcc/selftest-run-tests.c:64
0x11a89ec toplev::run_self_tests()
/src/gcc/git-svn/gcc/toplev.c:2273
