[Issue 21513] [Reg 2.094.1] Slice assignment segmentation fault

d-bugmail at puremagic.com d-bugmail at puremagic.com
Tue Feb 2 10:03:03 UTC 2021


https://issues.dlang.org/show_bug.cgi?id=21513

Basile-z <b2.temp at gmx.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |b2.temp at gmx.com

--- Comment #3 from Basile-z <b2.temp at gmx.com> ---
Possibly caused by https://github.com/dlang/dmd/pull/11427.
Based on this slightly modified test case (TC):

---
struct Stuff {
    size_t c;         // capacity (offset 0); author's note: declare this after `items` and it does not crash !
    ubyte[1] items;   // storage whose .ptr is both source and destination of the slice copy in grow()
}


// Reduced reproducer: copies a zero-length slice of `items` onto itself, then
// stores through `items.ptr`. The second store is the one that segfaults
// (see the "after" codegen below).
void grow(ref Stuff stuff) {
    with (stuff)
    {
        const oldCapacity = c;                       // 0 when `stuff` is default-initialised
        // author's note: use literal 0 instead of oldCapacity and no crash !
        items.ptr[0..oldCapacity] = items.ptr[0..0]; // zero-length copy when c == 0
        items.ptr[0] = 0;                            // faults on the regressed compiler
    }
}

void main() {
    Stuff stuff;      // default-initialised: c == 0, so grow() does a zero-length slice copy
    grow(stuff);      // segfaults on the regressed compiler (see the "after" codegen below)
}
---

codegen before (2.092):

---
_D7example4growFKSQq5StuffZv:                   ; void grow(ref Stuff stuff) -- DMD 2.092 output (Intel syntax, obj2asm style)
                push    RBP                     ; frame-pointer prologue
                mov     RBP,RSP
                sub     RSP,020h                ; 32 bytes of locals; they are NOT zeroed
                mov     -8[RBP],RDI             ; RDI = &stuff (the ref argument, used as struct base below); spill it
                mov     RAX,-8[RBP]             ; RAX = &stuff
                mov     -018h[RBP],RAX          ; presumably the `with (stuff)` temporary
                mov     -018h[RBP],RAX          ; (redundant duplicate of the previous store)
                mov     RCX,[RAX]               ; RCX = stuff.c (first field, offset 0)
                mov     -010h[RBP],RCX          ; oldCapacity = c
                mov     RDX,-010h[RBP]          ; RDX = oldCapacity = byte count for memcpy
                lea     RSI,8[RAX]              ; RSI = items.ptr (items follows the size_t c, offset 8)
                mov     RDI,RSI                 ; RDI = items.ptr: destination == source
                mov     -020h[RBP],RSI          ; spill items.ptr UNCONDITIONALLY so it survives the call
                call      memcpy at PLT32   ; memcpy(RDI=dst, RSI=src, RDX=n); "at" is presumably the list archiver's mangling of "@" (memcpy@PLT32)
                mov     RAX,-020h[RBP]          ; reload items.ptr -- always written on this path, so valid
                mov     byte ptr [RAX],0        ; items.ptr[0] = 0
                leave
                ret
---

codegen after (2.084.2):

_D7example4growFKSQq5StuffZv:                   ; same function, regressed codegen: memcpy replaced by inline rep movsb
                push    RBP
                mov     RBP,RSP
                sub     RSP,020h                ; locals are NOT zeroed: -020h[RBP] holds stale stack data until written
                mov     -8[RBP],RDI             ; spill &stuff
                mov     RAX,-8[RBP]             ; RAX = &stuff
                mov     -018h[RBP],RAX          ; presumably the `with (stuff)` temporary
                mov     -018h[RBP],RAX          ; (redundant duplicate store)
                mov     RCX,[RAX]               ; RCX = stuff.c
                mov     -010h[RBP],RCX          ; oldCapacity = c
                lea     RSI,8[RAX]              ; RSI = items.ptr (copy source)
                mov     RCX,-010h[RBP]          ; RCX = oldCapacity = byte count for rep movsb
                mov     RDI,RSI                 ; RDI = items.ptr (copy destination)
                test    RCX,RCX                 ; zero-length copy?
                je      $+7h            ; debug, break here, set ZF to 0 and no crash !
                                                ; BUG: the taken branch skips the spill on the next line as well as the rep movsb
                mov     -020h[RBP],RSI  ; b/c then the address that will end up in RAX is valid
                rep                             ; copy RCX bytes from [RSI] to [RDI]
                movsb
                mov     RAX,-020h[RBP]          ; if RCX was 0 this slot was never written: RAX = whatever was on the stack
                mov     byte ptr [RAX],0 ; by default here RAX is null, crash
                leave
                ret
                add     [RAX],AL                ; bytes after ret (00 00) decoded as an instruction -- padding, not executed
---

I think the jump is generated here:

https://github.com/dlang/dmd/pull/11427/commits/73ee0d06f2e1fb462c2022089266a15591d226ae#diff-db782f03853977be318903ca0db5f79a34511b2b148fdc4d7399cff85f28b358R3929
