https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102592
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|heap-use-after-free when |[11/12 Regression]
|constructing |heap-use-after-free when
|std::filesystem::path from |constructing
|iterator pair |std::filesystem::path from
| |iterator pair
Ever confirmed|0 |1
Assignee|unassigned at gcc dot gnu.org |redi at gcc dot gnu.org
Keywords| |wrong-code
Last reconfirmed| |2021-10-04
Known to work| |10.3.1
Status|UNCONFIRMED |ASSIGNED
Known to fail| |11.2.1, 12.0
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
The problem is the last line of this function:
template<typename _Tp>
static auto
_S_convert(const _Tp& __str)
{
if constexpr (is_same_v<_Tp, string_type>)
return __str;
else if constexpr (is_same_v<_Tp, basic_string_view<value_type>>)
return __str;
else if constexpr (is_same_v<typename _Tp::value_type, value_type>)
return basic_string_view<value_type>(__str.data(), __str.size());
else
return _S_convert(__str.data(), __str.data() + __str.size());
}
That returns a basic_string_view<char8_t> referring to the contents of __str,
but that is an rvalue basic_string<char8_t> that goes out of scope before the
result is used.
