A rather clear case of bad code generation. There's a pretty weird prolog at the top of func:

    push ebx
    mov ebx,esp
    sub esp,8
    and esp,0FFFFFFF8h
    add esp,4
    push ebp
    mov ebp,dword ptr [ebx+4]
    mov dword ptr [esp+4],ebp
    mov ebp,esp
    sub esp,18h

Unusual, but isn't an immediate problem. The problem is in the epilog:

    mov esp,ebp
    pop ebp
    mov esp,ebx
    pop ebx
    ret

EBX is used as a scratch register in the body of the function. Its value happens to be 1 by this point. So then ESP becomes 1, and then POP tries to read from that, obviously bogus, address.
I suggest you report the issue at http://connect.microsoft.com/visualstudio. Meanwhile, as an immediate workaround, it works if you surround func with #pragma optimize( "", off ) and #pragma optimize( "", on ).
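
The following Python model is an added example, not part of the original answer. It steps through the quoted prolog and epilog on a toy stack to show that the epilog only works if EBX still holds the value the prolog saved in it. The stack address, return address and caller register values are constructed for illustration.

```python
# Toy model of the prolog/epilog quoted above. All addresses and register
# values are constructed; only the instruction sequence comes from the answer.
RET_ADDR = 0x00401234      # constructed return address in the caller
CALLER_EBX = 0xB0B0B0B0    # constructed value the caller expects back in EBX
CALLER_EBP = 0x0012FFC0    # constructed caller frame pointer


def run_func(clobber_ebx):
    """Run prolog, optional EBX clobber, epilog. Returns a result tuple."""
    r = {"esp": 0x0012FF7C, "ebp": CALLER_EBP, "ebx": CALLER_EBX}
    mem = {r["esp"]: RET_ADDR}             # CALL already pushed the return address

    def push(v):
        r["esp"] = (r["esp"] - 4) & 0xFFFFFFFF
        mem[r["esp"]] = v

    def pop():
        v = mem[r["esp"]]                  # KeyError models an access violation
        r["esp"] = (r["esp"] + 4) & 0xFFFFFFFF
        return v

    # --- prolog ---
    push(r["ebx"])                         # push ebx
    r["ebx"] = r["esp"]                    # mov ebx,esp  (anchor used by the epilog)
    r["esp"] -= 8                          # sub esp,8
    r["esp"] &= 0xFFFFFFF8                 # and esp,0FFFFFFF8h
    r["esp"] += 4                          # add esp,4
    push(r["ebp"])                         # push ebp
    r["ebp"] = mem[r["ebx"] + 4]           # mov ebp,dword ptr [ebx+4]
    mem[r["esp"] + 4] = r["ebp"]           # mov dword ptr [esp+4],ebp
    r["ebp"] = r["esp"]                    # mov ebp,esp
    r["esp"] -= 0x18                       # sub esp,18h

    # --- body ---
    if clobber_ebx:
        r["ebx"] = 1                       # body reuses EBX as a scratch register

    # --- epilog ---
    try:
        r["esp"] = r["ebp"]                # mov esp,ebp
        r["ebp"] = pop()                   # pop ebp
        r["esp"] = r["ebx"]                # mov esp,ebx
        r["ebx"] = pop()                   # pop ebx
        target = pop()                     # ret
    except KeyError:
        return ("fault", r["esp"])         # address the failing POP tried to read
    return ("returned", target, r["esp"], r["ebx"], r["ebp"])
```

Calling `run_func(False)` returns cleanly to the constructed return address with the caller's EBX and EBP restored, while `run_func(True)` faults reading address 1, matching the crash described above.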