[Issue 6473] New: segfault in Lexer::uniqueId

d-bugmail at puremagic.com
Thu Aug 11 19:08:14 PDT 2011


http://d.puremagic.com/issues/show_bug.cgi?id=6473

           Summary: segfault in Lexer::uniqueId
           Product: D
           Version: D1 & D2
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: ice-on-valid-code
          Severity: major
          Priority: P2
         Component: DMD
        AssignedTo: nobody at puremagic.com
        ReportedBy: mrmocool at gmx.de


--- Comment #0 from Trass3r <mrmocool at gmx.de> 2011-08-11 19:08:12 PDT ---
struct Eins
{
    ~this() {}
}

struct Zwei
{
    void build(Eins devices = Eins())
    {
    }
}

$ gdb --batch -ex "run program.d" -ex "bt 10" dmd
DMD v2.054 DEBUG

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72e4893 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x00007ffff72e4893 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff730af02 in vsnprintf () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff72efc4f in snprintf () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00000000004fa225 in Lexer::uniqueId (s=0x5b4aaa "__sl", num=8590) at lexer.c:2881
#4  0x00000000004fa277 in Lexer::uniqueId (s=0x5b4aaa "__sl") at lexer.c:2888
#5  0x00000000004a0204 in StructLiteralExp::semantic (this=0x1128b80, sc=0x1128a70) at expression.c:3648
#6  0x000000000047281d in VarDeclaration::semantic (this=0x1128890, sc=0x1128a70) at declaration.c:1280
#7  0x00000000004a4390 in DeclarationExp::semantic (this=0x1128990, sc=0x1128670) at expression.c:4910
#8  0x00000000004a66f5 in BinExp::semantic (this=0x1128a20, sc=0x1128670) at expression.c:5626
#9  0x00000000004a6881 in BinExp::semanticp (this=0x1128a20, sc=0x1128670) at expression.c:5646

build as a free function doesn't trigger it.
Nor does a global 'Eins devices = Eins();'.


btw, lexer.c(2876):

Identifier *Lexer::uniqueId(const char *s, int num)
{   char buffer[32];
    size_t slen = strlen(s);

    assert(slen + sizeof(num) * 3 + 1 <= sizeof(buffer));
    sprintf(buffer, "%s%d", s, num);

Why that sizeof(num) there? It's always 4.
Why isn't snprintf(buffer, 32.... used?

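Added example (not part of the original report and not DMD's code): a bounded form of the prefix-plus-number formatting questioned above, using snprintf and checking its return value so an oversized result is reported instead of written past the buffer. format_unique_id and dec_len are hypothetical names, and reading sizeof(num) * 3 as a decimal-digit bound is an assumption, not something the report confirms.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Length of v printed with %d, without writing anywhere (C99: NULL, 0). */
int dec_len(int v)
{
    return snprintf(NULL, 0, "%d", v);
}

/* Hypothetical helper: writes prefix followed by num into out.
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the result would not fit; on failure out is left as an empty string. */
int format_unique_id(char *out, size_t outsz, const char *prefix, int num)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (prefix == NULL)
        return -1;

    /* snprintf never writes more than outsz bytes and returns the length
     * the full output would have had, so truncation is detectable. */
    int n = snprintf(out, outsz, "%s%d", prefix, num);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char buffer[32];

    /* Assumed reading of the assert: one byte holds at most three decimal
     * digits (255), so sizeof(int) * 3 bounds the printed width of an int. */
    printf("INT_MIN needs %d chars, bound is %zu\n",
           dec_len(INT_MIN), sizeof(int) * 3);

    /* Constructed inputs: the prefix and number seen in the backtrace. */
    int n = format_unique_id(buffer, sizeof buffer, "__sl", 8590);
    printf("%d -> \"%s\"\n", n, buffer);

    /* A buffer one byte too small is rejected rather than overrun. */
    char small[8];
    printf("small: %d\n", format_unique_id(small, sizeof small, "__sl", 8590));
    return 0;
}
```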