https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104959
Bug ID: 104959
Summary: nested lambda capture pack by ref will load from nullptr
Product: gcc
Version: 10.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: andij.cr at gmail dot com
Target Milestone: ---

testcase:

#include <cassert>

template <auto>
auto line = []<typename... Ts>(Ts &&...args) {
  if constexpr (sizeof...(Ts) != 0) {
    ([&] { assert(&args != nullptr); }(), ...);
  }
};

int main() { line<10>(false); }

Compiling and executing this with
g++ 10.3 -std=c++20 -O1 -fsanitize=undefined
will trigger the assertion.

This code is a reduction of a more complex code, where the bug caused a crash.

Compiling with -O0 or with GCC 11 will not trigger the assertion.

Each template, lambda, if constexpr (sizeof...) seems to be necessary to trigger the bug.
The assert needs to be here to trigger the load of args.
Using a different method (e.g. using args in an expression) will also trigger -Wuninitialized.

Compiler explorer link: https://gcc.godbolt.org/z/W7EMTP4W8
Note that in the assembly __assert_fail is called directly.

This seems similar to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68177
and
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97938