https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95111
Bug ID: 95111
Summary: coroutines use-after-free with lambdas
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: a...@cloudius-systems.com
Target Milestone: ---
coroutines copy their input to the coroutine frame, so a coroutine like
future<T> f(T x) {
co_await something();
co_return x;
}
will copy x back from the coroutine frame. However, lambdas are passed by
pointer, so something like
[x] () -> future<T> {
co_await something();
co_return x;
}
will fail, it is translated as something like
struct lambda {
T x;
}
future<T> lambda_operator_parens(const lambda* l) {
co_await something();
co_return l->x;
}
Since l is captured by value, *l is dangling and is leaked.
I think the following translation would be more useful:
future<T> lambda_operator_parens_rref(const lambda l) {
co_await something();
co_return l.x;
}
l would be copied by value and would survive copying/moving into the coroutine
frame.
I don't know if the current behavior is mandated by the standard, but if it is,
it seems a serious defect.
