[Issue 20862] Segfault on repeated GC.qalloc calls
d-bugmail at puremagic.com
Sun May 24 23:05:43 UTC 2020
https://issues.dlang.org/show_bug.cgi?id=20862
kinke <kinke at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kinke at gmx.net
--- Comment #3 from kinke <kinke at gmx.net> ---
(In reply to moonlightsentinel from comment #0)
> The following code causes a segfault in the GC (tested on 2.092.0):
>
> ===================================================
> void main()
> {
>     import core.memory;
>
>     string[] arr;
>
>     foreach (_; 0 .. 3) // first two iterations pass
>     {
>         immutable len = arr.length;
>
>         // allocates a block sized for exactly one string (string.sizeof bytes)
>         auto bi = GC.qalloc(string.sizeof);
>         arr = (cast(string*) bi.base)[0 .. len];
>
>         // pointer slice, not bounds-checked: len + 1 strings over that one-string block
>         arr = arr.ptr[0 .. len + 1];
>         arr[] = [];
>     }
> }
Isn't that code clearly writing out of bounds? It's allocating a single slice
for each iteration, but writing 1, 2, 3 empty slices into it, and probably
overwrites GC-internal data.
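A corrected form of the reproducer, written here as an added example and not code from the bug report or from druntime: it sizes each allocation for len + 1 strings instead of reusing a one-string block, and compares the slice it takes against the BlkInfo.size the GC actually returned. Slicing through `.ptr` bypasses D's array bounds checking, so the overrun in the report never raises a RangeError even in a debug build; the assert on `bi.size` is the manual check that stands in for it. The helper names `sizeNeeded` and `growByOne` are chosen for this example.

```d
import core.memory;

/// Bytes needed to hold `n` strings (each string is a pointer + length pair).
size_t sizeNeeded(size_t n)
{
    return n * string.sizeof;
}

/// Return a fresh GC block holding the contents of `arr` plus one extra
/// empty string. Unlike the reproducer, the block is sized for len + 1
/// elements and the slice never extends past what the GC handed back.
string[] growByOne(string[] arr)
{
    immutable len = arr.length;
    immutable needed = sizeNeeded(len + 1);

    // qalloc may round the request up; bi.size is the usable capacity.
    // Default attributes leave the block scanned, which matters because
    // the block will hold pointers (the string slices).
    auto bi = GC.qalloc(needed);
    assert(bi.size >= needed, "GC returned a block smaller than requested");

    // A raw pointer slice is never bounds-checked, so the assert above is
    // the only thing standing between this slice and the next GC object.
    auto fresh = (cast(string*) bi.base)[0 .. len + 1];
    fresh[0 .. len] = arr[]; // copy the old contents
    fresh[len] = [];         // initialise the new slot
    return fresh;
}

void main()
{
    string[] arr;
    foreach (_; 0 .. 3)
        arr = growByOne(arr);

    assert(arr.length == 3);
    foreach (s; arr)
        assert(s.length == 0);
}
```

The reproducer's sequence of writes (1, 2, then 3 strings into 16-byte blocks) is what this version avoids: the third iteration here requests 48 bytes and writes 48 bytes, so nothing past the returned block is touched.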