[Issue 11777] New: [ICE] Compiler segfault in `callfunc` in `e2ir.c`

d-bugmail at puremagic.com d-bugmail at puremagic.com
Thu Dec 19 10:08:49 PST 2013


https://d.puremagic.com/issues/show_bug.cgi?id=11777

           Summary: [ICE] Compiler segfault in `callfunc` in `e2ir.c`
           Product: D
           Version: D2
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: ice
          Severity: regression
          Priority: P2
         Component: DMD
        AssignedTo: nobody at puremagic.com
        ReportedBy: verylonglogin.reg at gmail.com


--- Comment #0 from Denis Shelomovskij <verylonglogin.reg at gmail.com> 2013-12-19 22:08:47 MSK ---
The issue is caused by refactoring commit
1e99eed73c06ae450c1c13352021e4b629d2bba8 [1] from dmd pull 2771 [2].


Remove `mem.free(fieldinit)` added at line 192 of `scope.c` by the causing
commit [1] to detrigger the issue.


At first sight it looks like `free`d memory is used. But the compiler segfaults at
line 203 of `callfunc` in `e2ir.c` because `arg` has an invalid vtable address
(0x0037382d for me):
---
ea = arg->toElem(irs);
---

Also, `arg` is derived from `Expression`, so it is at least `sizeof(Expression)` =
22 bytes long, but if we look at its memory:
  4 bytes: invalid vtable
 10 bytes: allocated but uninitialized (0xCD byte in MS CRT)
  4 bytes: allocation end guard (0xFD byte in MS CRT)

So it is only 14 bytes long and the only initialized part is the vtable pointer.
Clear memory corruption.


Sorry, the testcase is big and proprietary and can only be obtained directly
from the issue author by e-mailing him.


[1] https://github.com/D-Programming-Language/dmd/commit/1e99eed73c06ae450c1c13352021e4b629d2bba8
[2] https://github.com/D-Programming-Language/dmd/pull/2771
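The diagnosis in the report rests on reading the debug-heap fill bytes around the object: 0xCD for bytes never written since allocation, 0xFD for the guard past the end of the block, and an implausible first word where a vtable pointer should be. The following C program is an added example, not code from the report or from DMD, that mimics those fill patterns with a small quarantine allocator and turns the same reading into checks: which prefix of a block was actually written, whether the block has been freed, and whether its end guard is intact. The value 0xDD for freed memory is the MS CRT's "dead" fill and is assumed here, since the report does not quote it; the block sizes, the four fake vtable bytes and the `dbg_*` and `scenario_*` names are all constructed for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Debug-heap fill bytes. 0xCD (uninitialized) and 0xFD (end guard) are the
   MS CRT values quoted in the report; 0xDD for freed memory is an assumption
   added here (the CRT's "dead" fill), not something the report mentions. */
#define FILL_UNINIT 0xCD
#define FILL_GUARD  0xFD
#define FILL_FREED  0xDD
#define GUARD_LEN   4
#define MAX_BLOCKS  32

typedef struct {
    unsigned char *data;   /* len payload bytes followed by GUARD_LEN guard bytes */
    size_t len;
    int freed;
} dbg_block;

static dbg_block blocks[MAX_BLOCKS];
static size_t nblocks;

/* Allocate len bytes, pre-filled with 0xCD and followed by a 0xFD guard. */
void *dbg_alloc(size_t len) {
    if (nblocks >= MAX_BLOCKS) return NULL;
    unsigned char *p = malloc(len + GUARD_LEN);
    if (p == NULL) return NULL;
    memset(p, FILL_UNINIT, len);
    memset(p + len, FILL_GUARD, GUARD_LEN);
    blocks[nblocks].data = p;
    blocks[nblocks].len = len;
    blocks[nblocks].freed = 0;
    nblocks++;
    return p;
}

static dbg_block *find_block(const void *p) {
    for (size_t i = 0; i < nblocks; i++)
        if (blocks[i].data == p) return &blocks[i];
    return NULL;
}

/* Quarantine free: poison the payload but keep the block, so a dangling
   pointer can still be inspected here without undefined behaviour. */
void dbg_free(void *p) {
    dbg_block *b = find_block(p);
    if (b == NULL || b->freed) return;
    memset(b->data, FILL_FREED, b->len);
    b->freed = 1;
}

typedef enum { MEM_UNKNOWN, MEM_LIVE, MEM_FREED, MEM_GUARD_SMASHED } mem_state;

/* Classify the memory behind a pointer the way one would read it in a debugger. */
mem_state dbg_inspect(const void *p) {
    dbg_block *b = find_block(p);
    if (b == NULL) return MEM_UNKNOWN;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (b->data[b->len + i] != FILL_GUARD) return MEM_GUARD_SMASHED;
    return b->freed ? MEM_FREED : MEM_LIVE;
}

/* Number of leading bytes that no longer carry the 0xCD fill, i.e. that were
   actually written since allocation. */
size_t dbg_initialized_prefix(const void *p) {
    dbg_block *b = find_block(p);
    if (b == NULL) return 0;
    size_t n = 0;
    while (n < b->len && b->data[n] != FILL_UNINIT) n++;
    return n;
}

/* The layout from the report: a 14-byte block where only a 4-byte
   pointer-sized field was ever written. Returns the written prefix length. */
size_t scenario_partially_initialized(void) {
    unsigned char *obj = dbg_alloc(14);
    if (obj == NULL) return 0;
    unsigned char fake_vptr[4] = { 0x2d, 0x38, 0x37, 0x00 };  /* constructed bytes */
    memcpy(obj, fake_vptr, sizeof fake_vptr);
    return dbg_initialized_prefix(obj);
}

/* Use after free: the object is released, then the stale pointer is inspected. */
mem_state scenario_use_after_free(void) {
    unsigned char *obj = dbg_alloc(14);
    if (obj == NULL) return MEM_UNKNOWN;
    dbg_free(obj);
    return dbg_inspect(obj);
}

/* An off-by-one write past the payload lands in the guard bytes. */
mem_state scenario_guard_smash(void) {
    unsigned char *buf = dbg_alloc(8);
    if (buf == NULL) return MEM_UNKNOWN;
    buf[8] = 0;  /* one past the end of the requested 8 bytes */
    return dbg_inspect(buf);
}
```

The first scenario reproduces the report's arithmetic: a 14-byte block with a 4-byte written prefix, 10 bytes still 0xCD and an intact 0xFD guard, which is far short of the 22 bytes an `Expression` needs, so the pointer cannot refer to a complete object of that type. The fake vtable bytes are the little-endian spelling of the reported value 0x0037382d, namely 2d 38 37 00, which read as ASCII is the text "-87" followed by a NUL; content like that where a vtable pointer should be is the kind of evidence that a freed slot was handed out again for unrelated data before the stale pointer was used.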
