[Issue 15260] New: [dmd-internal] StringExp.compare may cause memory invalid memory access

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Thu Oct 29 18:13:50 PDT 2015


https://issues.dlang.org/show_bug.cgi?id=15260

          Issue ID: 15260
           Summary: [dmd-internal] StringExp.compare may cause memory
                    invalid memory access
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: ice
          Severity: critical
          Priority: P1
         Component: dmd
          Assignee: nobody at puremagic.com
          Reporter: k.hara.pg at gmail.com

From the StringExp.compare code:

override int compare(RootObject obj)
{
    ...
    if (len1 == len2)
    {
        switch (sz)
        {
        case 1:
            return memcmp(cast(char*)string, cast(char*)se2.string, len1);
        case 2:
            {
                wchar* s1 = cast(wchar*)string;
                wchar* s2 = cast(wchar*)se2.string;
                for (size_t u = 0; u < len; u++)
                {
                    if (s1[u] != s2[u])
                        return s1[u] - s2[u];
                }
            }
            // <--- should break here!
        case 4:
            // if len1 % 4 == 2, following memory read
            // would access out of boundaries.
            {
                dchar* s1 = cast(dchar*)string;
                dchar* s2 = cast(dchar*)se2.string;
                for (size_t u = 0; u < len; u++)
                {
                    if (s1[u] != s2[u])
                        return s1[u] - s2[u];
                }
            }
            break;
        default:
            assert(0);
        }
    }
    return cast(int)(len1 - len2);
}
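
Added example, not part of the original report and not dmd's own code: a C port of the comparison with the missing break in place, plus a constructed sample on which a fall-through from the 2-byte case into the 4-byte loop would read past the string and return a wrong result. The names string_compare, sign, compare_samples and the sample arrays are hypothetical, and returning only the sign of the difference is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int sign(uint32_t a, uint32_t b) { return (a > b) - (a < b); }

/* Three-way compare of two strings whose code units are sz bytes wide
 * (1, 2 or 4). len1/len2 are lengths in code units, as in the report. */
int string_compare(const void *p1, size_t len1,
                   const void *p2, size_t len2, unsigned sz)
{
    if (len1 != len2)
        return len1 < len2 ? -1 : 1;

    switch (sz) {
    case 1: {
        int r = memcmp(p1, p2, len1);
        return (r > 0) - (r < 0);
    }
    case 2: {
        const uint16_t *s1 = p1, *s2 = p2;
        for (size_t u = 0; u < len1; u++)
            if (s1[u] != s2[u])
                return sign(s1[u], s2[u]);
        break;  /* the break missing in the reported code */
    }
    case 4: {
        const uint32_t *s1 = p1, *s2 = p2;
        for (size_t u = 0; u < len1; u++)
            if (s1[u] != s2[u])
                return sign(s1[u], s2[u]);
        break;
    }
    default:
        abort();  /* stands in for assert(0) in the D code */
    }
    return 0;
}

/* Constructed sample: two equal 3-unit UTF-16 strings, each followed by
 * different trailing data. Falling through into the 4-byte loop would read
 * 12 bytes from each (6 past the string) and report them as different. */
static const uint16_t sample_a[6] = { 'a', 'b', 'c', 0x1111, 0x1111, 0x1111 };
static const uint16_t sample_b[6] = { 'a', 'b', 'c', 0x2222, 0x2222, 0x2222 };

int compare_samples(void)
{
    return string_compare(sample_a, 3, sample_b, 3, 2);
}
```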
