[Bug c++/107288] New: Double-free of temporaries created in statement following co_await

2022-10-17 Thread hodges.r at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288

Bug ID: 107288
   Summary: Double-free of temporaries created in statement following co_await
   Product: gcc
   Version: 12.2.1
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: c++
  Assignee: unassigned at gcc dot gnu.org
  Reporter: hodges.r at gmail dot com
  Target Milestone: ---

Compiling the attached program results in a call to abort() due to a double
free of the temporary `foo`.

The problem is in this statement:

```
co_await chan.async_send({},
 foo { .s = "hello world", .i = 1 },
 asio::redirect_error(asio::use_awaitable, ec));
```

Modifying the code to remove the temporary works around the issue:

```
auto f = foo { .s = "hello world", .i = 1 };
co_await chan.async_send({},
 std::move(f),
 asio::redirect_error(asio::use_awaitable, ec));
```

Compiler command line:

```
$ /usr/bin/c++ -DBOOST_SYSTEM_NO_LIB -DBOOST_THREAD_NO_LIB -DBOOST_URL_NO_LIB=1
-DBOOST_URL_STATIC_LINK=1 -DCPP_JWT_USE_VENDORED_NLOHMANN_JSON
-I/home/rhodges/github/Power-Trade/riskmon/apps/scratch2
-I/home/rhodges/github/Power-Trade/riskmon/build/apps/scratch2
-I/home/rhodges/github/Power-Trade/riskmon/libs
-I/home/rhodges/github/Power-Trade/riskmon/build/_deps/boost_url-src/include
-isystem /home/rhodges/work/gcc/include -g -save-temps -std=gnu++20 scratch2
/home/rhodges/github/Power-Trade/riskmon/apps/scratch2/main.cpp
```

Result of running the program:
```
$ ./scratch2 
munmap_chunk(): invalid pointer
Aborted (core dumped)
```

[Bug c++/107288] Double-free of temporaries created in statement following co_await

2022-10-17 Thread hodges.r at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288

--- Comment #1 from Richard Hodges  ---
Created attachment 53712
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53712&action=edit
.ii file as requested

Intermediate source file as required by submission guidelines (g-zipped)

[Bug c++/107288] Double-free of temporaries created in statement following co_await

2022-10-18 Thread hodges.r at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107288

--- Comment #2 from Richard Hodges  ---
Some extra diagnostic. Reducing to this minimal program:

```
#include <boost/asio.hpp>  // asio::awaitable, co_spawn, detached, io_context
#include <cstdio>          // std::printf
#include <string>          // std::string
#include <utility>         // std::move

namespace asio = boost::asio;

struct foo
{
    std::string s;
    int i;
};

struct bar : foo
{
    bar(std::string s, int i)
    : foo { .s = std::move(s), .i = i }
    {
    }
};

asio::awaitable< void >
co_foo(foo)
{
    std::printf("%s\n", __func__);
    co_return;
};

asio::awaitable< void >
co_bar(foo)
{
    std::printf("%s\n", __func__);
    co_return;
};

asio::awaitable< void >
co_test()
{
    // this works
    co_await co_bar(bar("Hello, World!", 1));
    // this works but this crashes
    co_await co_foo({ .s = "Hello, World!", .i = 1 });
}

int
main()
{
    asio::io_context ioc;
    asio::co_spawn(ioc, co_test(), asio::detached);
    ioc.run();
}
```

Output:
```
co_bar
co_foo
Segmentation fault (core dumped)
```

So it seems related to the interplay between designated initialisers and
coroutines.