https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117504
--- Comment #6 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-14 branch has been updated by Simon Martin <simar...@gcc.gnu.org>: https://gcc.gnu.org/g:f078a613bf85eff138c2567b599779dee6ae4b22 commit r14-11445-gf078a613bf85eff138c2567b599779dee6ae4b22 Author: Simon Martin <si...@nasilyan.com> Date: Tue Mar 25 07:08:16 2025 +0100 c++: Don't replace INDIRECT_REFs by a const capture proxy too eagerly [PR117504] We have been miscompiling the following valid code since GCC8, and r8-3497-g281e6c1d8f1b4c === cut here === struct span { span (const int (&__first)[1]) : _M_ptr (__first) {} int operator[] (long __i) { return _M_ptr[__i]; } const int *_M_ptr; }; void foo () { constexpr int a_vec[]{1}; auto vec{[&a_vec]() -> span { return a_vec; }()}; } === cut here === The problem is that perform_implicit_conversion_flags (via mark_rvalue_use) replaces "a_vec" in the return statement by a CONSTRUCTOR representing a_vec's constant value, and then takes its address when invoking span's constructor. So we end up with an instance that points to garbage instead of a_vec's storage. As per Jason's suggestion, this patch simply removes the calls to mark_*_use from perform_implicit_conversion_flags, which fixes the PR. PR c++/117504 gcc/cp/ChangeLog: * call.cc (perform_implicit_conversion_flags): Don't call mark_{l,r}value_use. gcc/testsuite/ChangeLog: * g++.dg/cpp2a/constexpr-117504.C: New test. * g++.dg/cpp2a/constexpr-117504a.C: New test. (cherry picked from commit fdf846fdddcc0467b9f025757f081c5d54319d08)
