https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104959

            Bug ID: 104959
           Summary: nested lambda capture pack by ref will load from
                    nullptr
           Product: gcc
           Version: 10.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: andij.cr at gmail dot com
  Target Milestone: ---

testcase:

#include <cassert>

template <auto>
auto line = []<typename... Ts>(Ts &&...args) {
  if constexpr (sizeof...(Ts) != 0) {
    ([&] { assert(&args != nullptr); }(), ...);
  }
};

int main() { line<10>(false); }

compiling and executing this with 

g++ 10.3 -std=c++20 -O1 -fsanitize=undefined

will trigger the assertion. 
this code is a reduction of more complex code, where the bug caused a crash.
compiling with -O0 or with GCC 11 will not trigger the assertion.


each template, lambda, if constexpr (sizeof...) seems to be necessary
to trigger the bug.
the assert needs to be here to trigger the load of args.
using a different method (e.g. using args in an expression)
will also trigger -Wuninitialized.

compiler explorer link:
https://gcc.godbolt.org/z/W7EMTP4W8

note that in the assembly __assert_fail is called directly 

this seems similar to 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68177
and 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97938
