https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86274
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> --- Created attachment 44334 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=44334&action=edit almost reduced test-case $ g++ segfault.ii -pthread -lboost_log -O3 -g -fprintf-return-value && valgrind ./a.out ==29544== Invalid write of size 8 ==29544== at 0x400FC7: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > af::__to_xstring<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char>(int (*)(char*, unsigned long, char const*, __va_list_tag*), long, char const*, ...) [clone .constprop.9] (in /tmp/a.out) ==29544== by 0x400D78: to_string (<stdin>:100) ==29544== by 0x400D78: main (<stdin>:345) ==29544== Address 0x1fff001000 is not stack'd, malloc'd or (recently) free'd ==29544== ==29544== ==29544== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==29544== Access not within mapped region at address 0x1FFF001000 ==29544== at 0x400FC7: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > af::__to_xstring<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char>(int (*)(char*, unsigned long, char const*, __va_list_tag*), long, char const*, ...) [clone .constprop.9] (in /tmp/a.out) ==29544== by 0x400D78: to_string (<stdin>:100) ==29544== by 0x400D78: main (<stdin>:345) I'm suspecting IPA CP clone somehow smashing varargs?
