[Issue 16470] New: Segfault with negative array length
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Mon Sep 5 14:03:13 PDT 2016
https://issues.dlang.org/show_bug.cgi?id=16470
Issue ID: 16470
Summary: Segfault with negative array length
Product: D
Version: D2
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: druntime
Assignee: nobody at puremagic.com
Reporter: cpicard at openmailbox.org
The following segfaults when compiled with DMD v2.071.1 (x86 and x86_64, no
flag):

    void main() {
        ubyte[] buf;
        buf.length = -1;
    }

Here is the relevant GDB backtrace:
#0 0xb7c1708a in __memset_sse2_rep () from /usr/lib/libc.so.6
#1 0x080f51d6 in _d_arraysetlengthT ()
While I do not argue that setting a negative length is meaningless, an Error
should be thrown instead of segfaulting.
This was found while fuzzing arsd/png.d with afl (American Fuzzy Lop).
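
An array's `.length` is a `size_t`, so a negative value assigned to it is implicitly converted to a very large unsigned one before the runtime sees it. One way for calling code to guard the point where a length is computed from untrusted input, as an added example (not code from the report, druntime or arsd/png.d); `setLengthChecked`, `rejected` and `maxBufferBytes` are hypothetical names, and the 64 MiB cap and the choice to throw an `Exception` are assumptions:

```d
import std.exception : enforce;
import std.stdio : writeln;

/// Hypothetical upper bound for one buffer (assumption; tune per format).
enum size_t maxBufferBytes = 64 * 1024 * 1024;

/// Hypothetical helper: resize `buf` to a length derived from untrusted input.
/// The length is taken as a signed 64-bit value so that a negative result of
/// earlier arithmetic is still visible here instead of wrapping to a huge size_t.
void setLengthChecked(ref ubyte[] buf, long requested,
                      size_t limit = maxBufferBytes)
{
    enforce(requested >= 0, "negative buffer length");
    enforce(cast(ulong) requested <= limit, "buffer length exceeds limit");
    buf.length = cast(size_t) requested;
}

/// Returns true when the resize was refused with an exception.
bool rejected(long requested)
{
    ubyte[] buf;
    try
    {
        setLengthChecked(buf, requested);
        return false;
    }
    catch (Exception e)
    {
        writeln("rejected ", requested, ": ", e.msg);
        return true;
    }
}

void main()
{
    // Constructed sample: a declared chunk size smaller than its own header,
    // so the computed payload length goes negative.
    int declared = 3, header = 4;
    writeln("negative length refused: ", rejected(declared - header));
    writeln("oversized length refused: ", rejected(long.max));
    writeln("normal length refused: ", rejected(1024));
}
```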