https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110113

ibuclaw at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |ASSIGNED

--- Comment #9 from ibuclaw at gcc dot gnu.org ---
(In reply to ibuclaw from comment #8)
> Regression caused by upstream.
> 
> https://github.com/dlang/dmd/pull/14837
Tracked it down to a memory corruption bug in the D front-end.

There is a call to Mem.xrealloc(ptr) inside the escape analysis code, which
allocates a new GC pointer, marking the old pointer as "free" for reuse by the
next GC.malloc request.

However, said pointer is to a data structure with Array(T) fields, each of
which contains a pointer that references itself (a smallarray optimization).

The corruption arises as eventually there are two references to the same
address: one that is reading/writing to it as a `VarDeclaration**`, the other
as an `aaA**`.  Segfault occurs as a result of aaGetRvalue interpreting a
`VarDeclaration*` as an `aaA*`.

Fix is in review, and will backport to both GCC-13 and GCC-12.
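The layout the comment describes, as an added example in C that is not code from the GCC or dmd source tree (the D front-end is written in D; this is a model of the mechanism). It builds a struct with small-array fields whose `data` pointer aims at an inline buffer inside the same struct, relocates the struct the way the comment says xrealloc does (copy to a fresh block, release the old one), and shows that the copied `data` field still points into the released block, while the same move with the interior pointers redirected keeps the array readable. The names `Array`, `EscapeInfo`, `SMALL_CAP`, `relocate_broken`, `relocate_fixed`, `escape_info_is_consistent` and the stand-in values are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define SMALL_CAP 4

/* Small-array optimisation: until more than SMALL_CAP elements are stored,
 * data points at the inline buffer smallarray inside the struct itself
 * (hypothetical layout modelled on the comment, not the front-end's own). */
typedef struct Array {
    void **data;
    size_t length;
    size_t capacity;              /* == SMALL_CAP while still inline */
    void *smallarray[SMALL_CAP];
} Array;

/* Stand-in for the escape-analysis record holding Array(VarDeclaration*) fields. */
typedef struct EscapeInfo {
    Array byref;
    Array byvalue;
} EscapeInfo;

static void array_init(Array *a) { a->data = a->smallarray; a->length = 0; a->capacity = SMALL_CAP; }

/* 1 if the array currently uses its own inline buffer. */
int array_uses_inline(const Array *a) { return a->data == a->smallarray; }

static void array_push(Array *a, void *p) {
    if (a->length == a->capacity) {          /* spill to, or grow on, the heap */
        void **heap = malloc(2 * a->capacity * sizeof *heap);
        memcpy(heap, a->data, a->length * sizeof *heap);
        if (!array_uses_inline(a)) free(a->data);
        a->data = heap;
        a->capacity *= 2;
    }
    a->data[a->length++] = p;
}

static void array_free(Array *a) { if (!array_uses_inline(a)) free(a->data); }

static EscapeInfo *escape_info_new(void) {
    EscapeInfo *e = malloc(sizeof *e);
    array_init(&e->byref);
    array_init(&e->byvalue);
    return e;
}

static void escape_info_free(EscapeInfo *e) { array_free(&e->byref); array_free(&e->byvalue); free(e); }

/* Invariant: an Array that never spilled (capacity == SMALL_CAP) must point at
 * its own buffer.  A stale data pointer into a block that was freed, and may
 * since have been handed out again as something else, fails this check. */
int escape_info_is_consistent(const EscapeInfo *e) {
    const Array *arrs[2] = { &e->byref, &e->byvalue };
    for (int i = 0; i < 2; i++)
        if (arrs[i]->capacity == SMALL_CAP && !array_uses_inline(arrs[i])) return 0;
    return 1;
}

/* Relocation as the comment describes xrealloc: copy to a fresh block, release
 * the old one.  The data field is copied verbatim, so an inline Array in the
 * new block still points into the released old block. */
EscapeInfo *relocate_broken(EscapeInfo *old) {
    EscapeInfo *moved = malloc(sizeof *moved);
    memcpy(moved, old, sizeof *moved);
    free(old);
    return moved;
}

/* Corrected relocation: redirect interior pointers before releasing old.
 * old is only compared against while still valid, never used after free. */
EscapeInfo *relocate_fixed(EscapeInfo *old) {
    EscapeInfo *moved = malloc(sizeof *moved);
    memcpy(moved, old, sizeof *moved);
    if (old->byref.data == old->byref.smallarray)     moved->byref.data = moved->byref.smallarray;
    if (old->byvalue.data == old->byvalue.smallarray) moved->byvalue.data = moved->byvalue.smallarray;
    free(old);
    return moved;
}

/* Returns 1 if relocating a record with an inline array broke the invariant. */
int demo_broken(void) {
    static int v1, v2;                       /* constructed stand-ins for VarDeclaration objects */
    EscapeInfo *e = escape_info_new();
    array_push(&e->byref, &v1);
    array_push(&e->byref, &v2);
    e = relocate_broken(e);
    int broken = !escape_info_is_consistent(e);
    free(e);                                 /* not escape_info_free: byref.data is stale */
    return broken;
}

/* Returns the number of elements still readable after a fixed relocation, for
 * an inline array and for one that has already spilled to the heap, or -1. */
int demo_fixed(void) {
    static int v1, v2;
    EscapeInfo *e = escape_info_new();
    array_push(&e->byref, &v1);
    array_push(&e->byref, &v2);                                  /* stays inline */
    for (int i = 0; i < 10; i++) array_push(&e->byvalue, &v1);   /* spills to heap */
    e = relocate_fixed(e);
    int ok = escape_info_is_consistent(e) && e->byref.data[1] == &v2 && e->byvalue.data[9] == &v1;
    int n = ok ? (int)(e->byref.length + e->byvalue.length) : -1;
    escape_info_free(e);
    return n;
}
```

The heap-spilled array survives either relocation because its `data` points outside the struct; only the inline case dangles, which is why the failure shows up intermittently and depends on what the next allocation request receives. In the real bug the old block was handed to an `aaA` structure, so the same bytes were then written through one type and read through the other.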
