[Issue 6874] New: heap corruption caused by std.array.insertInPlaceImpl or gc.gcx

d-bugmail at puremagic.com d-bugmail at puremagic.com
Tue Nov 1 10:47:22 PDT 2011


http://d.puremagic.com/issues/show_bug.cgi?id=6874

           Summary: heap corruption caused by std.array.insertInPlaceImpl
                    or gc.gcx
           Product: D
           Version: D2
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: druntime
        AssignedTo: nobody at puremagic.com
        ReportedBy: mailme+d at nilsb.dyndns.org


--- Comment #0 from Nils <mailme+d at nilsb.dyndns.org> 2011-11-01 10:46:08 PDT ---
module test;
import std.array;

/* This should grow and shrink its -b- -n- times.
Instead, it pushes an array through the heap, nulling everything in its way,
because the involved functions keep thinking that the allocated block starts at
b.ptr while it is moving through the heap.
I can't say exactly which function is misbehaving, but I guess that one of
insertInPlace(), reallocNoSync(), findSize(), etc doesn't correctly handle
pointers that are not the base address of the allocated block. */
void berserk(size_t n) {
    int[] b = [0];
    foreach(i; 0 .. n) {
        version(length_is_fine) {
            b.length += 1;
        } else {
            b.insertInPlace(1, [0]);
        }
        b = b[1 .. $];
    }
}

void main() {
    int[] a = [1, 2, 3];
    berserk(5);
    assert(a == [1, 2, 3]); // fails
}

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------


More information about the Digitalmars-d-bugs mailing list