https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81405

            Bug ID: 81405
           Summary: [8 Regression] Invalid write of size 2 in
                    line_corrections::add_hint(fixit_hint const*)
                    (diagnostic-show-locus.c:1514)
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Keywords: diagnostic
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: marxin at gcc dot gnu.org
                CC: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Starting from David's r247548 I see:

$ valgrind --leak-check=yes --trace-children=yes gcc
/home/marxin/Programming/gcc/gcc/testsuite/gcc.dg/init-excess-1.c
-Wmissing-braces

...

/home/marxin/Programming/gcc/gcc/testsuite/gcc.dg/init-excess-1.c:17:1: note:
(near initialization for ‘a5[3]’)
==30671== Invalid write of size 2
==30671==    at 0x4C32D53: memmove (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30671==    by 0x1414D2E: (anonymous
namespace)::line_corrections::add_hint(fixit_hint const*)
(diagnostic-show-locus.c:1514)
==30671==    by 0x14171E4: print_trailing_fixits (diagnostic-show-locus.c:1558)
==30671==    by 0x14171E4: print_line (diagnostic-show-locus.c:1780)
==30671==    by 0x14171E4: diagnostic_show_locus(diagnostic_context*,
rich_location*, diagnostic_t) (diagnostic-show-locus.c:1827)
==30671==    by 0x6BA9D7: c_diagnostic_finalizer(diagnostic_context*,
diagnostic_info*) (c-opts.c:166)
==30671==    by 0x1411CF8: diagnostic_report_diagnostic(diagnostic_context*,
diagnostic_info*) (diagnostic.c:979)
==30671==    by 0x141209E: diagnostic_impl(rich_location*, int, char const*,
__va_list_tag (*) [1], diagnostic_t) (diagnostic.c:1099)
==30671==    by 0x1412597: warning_at_rich_loc(rich_location*, int, char
const*, ...) (diagnostic.c:1214)
==30671==    by 0x61C031: pop_init_level(unsigned int, int, obstack*, unsigned
int) (c-typeck.c:8069)
==30671==    by 0x6474B9: c_parser_braced_init(c_parser*, tree_node*, bool,
obstack*) (c-parser.c:4443)
==30671==    by 0x64846C: c_parser_initializer(c_parser*) (c-parser.c:4365)
==30671==    by 0x65575D: c_parser_declaration_or_fndef(c_parser*, bool, bool,
bool, bool, bool, tree_node**, vec<c_token, va_heap, vl_ptr>,
oacc_routine_data*, bool*) (c-parser.c:1933)
==30671==    by 0x65E4C3: c_parser_external_declaration(c_parser*)
(c-parser.c:1470)
==30671==  Address 0x644247c is 0 bytes after a block of size 12 alloc'd
==30671==    at 0x4C2E2AF: realloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30671==    by 0x147BB4C: xrealloc (xmalloc.c:179)
==30671==    by 0x1414D01: ensure_capacity (diagnostic-show-locus.c:1432)
==30671==    by 0x1414D01: (anonymous
namespace)::line_corrections::add_hint(fixit_hint const*)
(diagnostic-show-locus.c:1513)
==30671==    by 0x14171E4: print_trailing_fixits (diagnostic-show-locus.c:1558)
==30671==    by 0x14171E4: print_line (diagnostic-show-locus.c:1780)
==30671==    by 0x14171E4: diagnostic_show_locus(diagnostic_context*,
rich_location*, diagnostic_t) (diagnostic-show-locus.c:1827)
==30671==    by 0x6BA9D7: c_diagnostic_finalizer(diagnostic_context*,
diagnostic_info*) (c-opts.c:166)
==30671==    by 0x1411CF8: diagnostic_report_diagnostic(diagnostic_context*,
diagnostic_info*) (diagnostic.c:979)
==30671==    by 0x141209E: diagnostic_impl(rich_location*, int, char const*,
__va_list_tag (*) [1], diagnostic_t) (diagnostic.c:1099)
==30671==    by 0x1412597: warning_at_rich_loc(rich_location*, int, char
const*, ...) (diagnostic.c:1214)
==30671==    by 0x61C031: pop_init_level(unsigned int, int, obstack*, unsigned
int) (c-typeck.c:8069)
==30671==    by 0x6474B9: c_parser_braced_init(c_parser*, tree_node*, bool,
obstack*) (c-parser.c:4443)
==30671==    by 0x64846C: c_parser_initializer(c_parser*) (c-parser.c:4365)
==30671==    by 0x65575D: c_parser_declaration_or_fndef(c_parser*, bool, bool,
bool, bool, bool, tree_node**, vec<c_token, va_heap, vl_ptr>,
oacc_routine_data*, bool*) (c-parser.c:1933)
...

And similar errors that eventually lead to memory corruption.
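The trace above gives the shape of the defect without the code: a block that `ensure_capacity` resized via `realloc` to 12 bytes, then a `memmove` in `add_hint` that writes 2 bytes starting exactly at the block's end. The following C program is an added example, not GCC's diagnostic-show-locus.c, that reproduces that shape with a hypothetical growable text buffer. `textbuf`, `ensure_capacity`, `checked_memmove`, `insert_hint_buggy` and `insert_hint_fixed` are invented names, and the input line and fix-it hint are constructed. A bounds-checked `memmove` stands in for valgrind, so the overrun is reported as a return value instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer standing in for one "correction" line
   (constructed for this example; not GCC's line_corrections). */
struct textbuf {
    char  *text;   /* NUL-terminated contents */
    size_t len;    /* bytes in use, not counting the NUL */
    size_t alloc;  /* bytes actually allocated for text */
};

static void textbuf_init(struct textbuf *b, const char *initial)
{
    b->len = strlen(initial);
    b->alloc = b->len + 1;            /* exactly text + NUL: no slack */
    b->text = malloc(b->alloc);
    if (!b->text) abort();
    memcpy(b->text, initial, b->alloc);
}

static void textbuf_free(struct textbuf *b)
{
    free(b->text);
    b->text = NULL;
    b->len = b->alloc = 0;
}

/* Grow the block so that at least 'needed' bytes are addressable. */
static void ensure_capacity(struct textbuf *b, size_t needed)
{
    if (b->alloc >= needed)
        return;
    size_t new_alloc = needed * 2;
    char *p = realloc(b->text, new_alloc);
    if (!p) abort();
    b->text = p;
    b->alloc = new_alloc;
}

/* Bounds-checked memmove inside the block. Where valgrind reported
   "Invalid write ... 0 bytes after a block", this refuses the move and
   returns how many bytes it would have overrun by; 0 means it fits. */
static size_t checked_memmove(struct textbuf *b, size_t dst, size_t src, size_t n)
{
    if (dst + n > b->alloc)
        return dst + n - b->alloc;
    memmove(b->text + dst, b->text + src, n);
    return 0;
}

/* Insert 'hint' at byte offset 'pos', shifting the tail (NUL included)
   right by strlen(hint). 'request' is the capacity the caller asked for
   before the move. Returns the overrun in bytes, 0 on success. */
static size_t insert_hint(struct textbuf *b, size_t pos, const char *hint, size_t request)
{
    if (pos > b->len) abort();
    size_t hlen = strlen(hint);
    size_t tail = b->len - pos + 1;   /* bytes from pos through the NUL */
    ensure_capacity(b, request);
    size_t overrun = checked_memmove(b, pos + hlen, pos, tail);
    if (overrun)
        return overrun;               /* buffer left untouched */
    memcpy(b->text + pos, hint, hlen);
    b->len += hlen;
    return 0;
}

/* Buggy variant: sizes the block for the new text but forgets that the
   tail move also carries the NUL terminator one byte further. */
static size_t insert_hint_buggy(struct textbuf *b, size_t pos, const char *hint)
{
    return insert_hint(b, pos, hint, b->len + strlen(hint));
}

/* Fixed variant: derive the request from the same arithmetic the move
   uses, so capacity and write extent cannot drift apart. */
static size_t insert_hint_fixed(struct textbuf *b, size_t pos, const char *hint)
{
    size_t hlen = strlen(hint);
    size_t tail = b->len - pos + 1;
    return insert_hint(b, pos, hint, pos + hlen + tail);
}

/* Constructed input: an 11-character line in a 12-byte block and a 1-byte
   hint inserted before the final ';'. The tail move is 2 bytes (";" plus
   NUL) landing at offsets 11..12 of a 12-byte block, as in the report. */
static size_t demo_overrun(void)
{
    struct textbuf b;
    textbuf_init(&b, "x = {1, 2};");
    size_t overrun = insert_hint_buggy(&b, 10, "}");
    textbuf_free(&b);
    return overrun;                   /* 1: one byte past the block */
}

int main(void)
{
    printf("buggy request overruns the block by %zu byte(s)\n", demo_overrun());
    return 0;
}
```

Two things worth noticing when running it. The buggy request is only short when the old block has no slack (here `alloc == len + 1` and a one-byte hint), so the same code passes for a two-byte hint because that request already forces a `realloc`; this is why the write surfaces on some inputs only and typically only under valgrind or `-fsanitize=address`. And the fix is not a bigger fudge factor: it computes the request from the same `pos + hlen + tail` expression the `memmove` writes up to. To see the real report rather than the returned count, replace `checked_memmove` with a plain `memmove` and run under `valgrind` as in the invocation above.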
