Comment 3 for bug 897583

Created attachment 25921
Boiled down source code. Bad code for last function.

The following boiled down code produces a jmp to Grob::internal_set_property where the implicit first call argument (this) is equal to the explicit second call argument instead of the actual this pointer. The guilty code sequence is

.L4:
 movl %ebx, 40(%esp)
 movl %ebx, 32(%esp)
 movl %eax, 36(%esp)
 addl $24, %esp
 .cfi_remember_state
 .cfi_def_cfa_offset 8
 popl %ebx
 .cfi_def_cfa_offset 4
 .cfi_restore 3
 jmp _ZN4Grob21internal_set_propertyEPvS0_

Version is
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/4.6.1/lto-wrapper
Target: i686-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro 4.6.1-9ubuntu3' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin --enable-objc-gc --enable-targets=all --disable-werror --with-arch-32=i686 --with-tune=generic --enable-checking=release --build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu
Thread model: posix
gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3)

Compilation options are -O2

This is from Lilypond source code and causes a segfault.