From: Jason Merrill <jason@redhat.com>
Date: Wed, 29 Nov 2017 21:01:23 +0000 (-0500)
Subject: PR c++/82760 - memory corruption with aligned new.
X-Git-Tag: basepoints/gcc-9~2982
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3704417fa5e3ab896ae766087783b098a2f2f8f;p=thirdparty%2Fgcc.git

PR c++/82760 - memory corruption with aligned new.

	* call.c (build_operator_new_call): Update *args if we add the
	align_arg.

From-SVN: r255253
---

diff --git a/gcc/cp/ChangeLog b/gcc/cp/ChangeLog
index 2cb90b82bfc7..1bc460002ddf 100644
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-29  Jason Merrill  <jason@redhat.com>
+
+	PR c++/82760 - memory corruption with aligned new.
+	* call.c (build_operator_new_call): Update *args if we add the
+	align_arg.
+
 2017-11-28  Jakub Jelinek  <jakub@redhat.com>
 
 	PR sanitizer/81275
diff --git a/gcc/cp/call.c b/gcc/cp/call.c
index 45c811e828e0..e04626863af5 100644
--- a/gcc/cp/call.c
+++ b/gcc/cp/call.c
@@ -4372,6 +4372,8 @@ build_operator_new_call (tree fnname, vec<tree, va_gc> **args,
 	= vec_copy_and_insert (*args, align_arg, 1);
       cand = perform_overload_resolution (fns, align_args, &candidates,
 					  &any_viable_p, tf_none);
+      if (cand)
+	*args = align_args;
       /* If no aligned allocation function matches, try again without the
 	 alignment.  */
     }
diff --git a/gcc/testsuite/g++.dg/cpp1z/aligned-new8.C b/gcc/testsuite/g++.dg/cpp1z/aligned-new8.C
new file mode 100644
index 000000000000..11dd45722b78
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp1z/aligned-new8.C
@@ -0,0 +1,19 @@
+// PR c++/82760
+// { dg-options -std=c++17 }
+// { dg-do run }
+
+#include <new>
+#include <cstddef>
+
+struct alignas(2 * alignof (std::max_align_t)) aligned_foo {
+  char x[2048];
+
+  ~aligned_foo() { }
+  aligned_foo() { __builtin_memset(x, 0, sizeof(x)); }
+};
+
+int main()
+{
+  aligned_foo * gFoo = new (std::nothrow) aligned_foo[2];
+  delete[] gFoo;
+}