[Issue 6874] heap corruption caused by std.array.insertInPlaceImpl or gc.gcx

d-bugmail at puremagic.com d-bugmail at puremagic.com
Wed Nov 2 21:17:14 PDT 2011


http://d.puremagic.com/issues/show_bug.cgi?id=6874



--- Comment #1 from Nils <mailme+d at nilsb.dyndns.org> 2011-11-02 21:16:44 PDT ---
What happens is this: b.insertInPlaceImpl(...) does 
realloc(b.ptr, newLength * b[0].sizeof), assuming that realloc will allocate
enough space to safely write newLength values from b.ptr on.
But realloc does not guarantee that as it compares the requested size with
the result of gcx.findSize(b.ptr) to determine if it needs to allocate,
and gcx.findSize returns the size of the full block the pointer is in,
not of the space behind it. And b = [1 .. $]; moves b.ptr into the allocated
block.

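The mechanism Nils describes above, as an added model written for this page (it is not druntime's code and not the bug's original test case): a pool of fixed-size blocks, a `find_size` that returns the size of the whole block containing a pointer the way the comment says gcx.findSize does, and two in-place realloc decisions, the naive one that compares the requested size against `find_size` and a corrected one that compares against the bytes actually left behind the pointer. The block geometry (64-byte blocks), the 8-byte element size used to turn `b = b[1 .. $]` into an interior pointer, and all function names are assumptions of the model, not druntime's.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical pool geometry for the model; druntime's real bin sizes differ. */
#define BLOCK_SIZE 64
#define NBLOCKS    4

static unsigned char pool[NBLOCKS * BLOCK_SIZE];

/* Offset of p inside the pool, or (size_t)-1 if p is not a pool pointer. */
static size_t pool_offset(const unsigned char *p)
{
    if (p < pool || p >= pool + sizeof pool)
        return (size_t)-1;
    return (size_t)(p - pool);
}

/* Models gcx.findSize as the comment describes it: the size of the whole
   block containing p, independent of where inside the block p points. */
size_t find_size(const unsigned char *p)
{
    return pool_offset(p) == (size_t)-1 ? 0 : BLOCK_SIZE;
}

/* The quantity findSize does not give: bytes from p to the end of its block,
   i.e. what can actually be written "from b.ptr on". */
size_t space_behind(const unsigned char *p)
{
    size_t off = pool_offset(p);
    return off == (size_t)-1 ? 0 : BLOCK_SIZE - off % BLOCK_SIZE;
}

/* realloc's in-place decision as described: newsize fits in findSize(p). */
int naive_fits_in_place(const unsigned char *p, size_t newsize)
{
    return newsize <= find_size(p);
}

/* Corrected decision: compare against the space behind the pointer. */
int safe_fits_in_place(const unsigned char *p, size_t newsize)
{
    return newsize <= space_behind(p);
}

/* Run the scenario once with the given decision function. Block 0 holds the
   array, block 1 belongs to a neighbour and is filled with a canary
   (constructed data). b = a[1 .. $] with assumed 8-byte elements makes
   b.ptr an interior pointer of block 0.
   Returns 1 if the neighbour's canary was clobbered, 0 if it survived. */
static int run_scenario(int (*fits)(const unsigned char *, size_t))
{
    unsigned char *a = pool;
    unsigned char *neighbour = pool + BLOCK_SIZE;
    unsigned char *b = a + 8;              /* b.ptr after b = a[1 .. $] */
    size_t newsize = BLOCK_SIZE;           /* newLength * b[0].sizeof */

    memset(pool, 0, sizeof pool);
    memset(neighbour, 0xAA, BLOCK_SIZE);

    if (fits(b, newsize))
        memset(b, 0x11, newsize);          /* "safely" write newLength values */
    /* else: a real allocator would move the data to a fresh block here */

    return neighbour[0] != 0xAA;
}

int naive_check_corrupts_neighbour(void) { return run_scenario(naive_fits_in_place); }
int safe_check_corrupts_neighbour(void)  { return run_scenario(safe_fits_in_place); }

int main(void)
{
    const unsigned char *b = pool + 8;
    printf("findSize(b.ptr)      = %zu\n", find_size(b));
    printf("space behind b.ptr   = %zu\n", space_behind(b));
    printf("naive check corrupts = %d\n", naive_check_corrupts_neighbour());
    printf("safe check corrupts  = %d\n", safe_check_corrupts_neighbour());
    return 0;
}
```

With the interior pointer 8 bytes into a 64-byte block, `find_size` still reports 64 while only 56 bytes remain behind the pointer, so the naive check accepts a 64-byte in-place write and the last 8 bytes land in the neighbouring block; the corrected check refuses it, which is the point at which a real allocator would have to move the data instead.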