[Issue 22864] New: [REG 2.067] Throwing in array literal leads to destructor being called on unconstructed data
d-bugmail at puremagic.com
Wed Mar 9 16:29:16 UTC 2022
https://issues.dlang.org/show_bug.cgi?id=22864
Issue ID: 22864
Summary: [REG 2.067] Throwing in array literal leads to destructor being called on unconstructed data
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Keywords: industry, safe, wrong-code
Severity: regression
Priority: P1
Component: dmd
Assignee: nobody at puremagic.com
Reporter: pro.mathias.lang at gmail.com
The following code leads to `abort` being triggered.
This happens because the array literal causes an instance to be allocated,
which is later called by the GC, even though the instance contains garbage data
(printing the member `hash` field will give a non-zero value).
```
import core.stdc.stdlib;

public S* deserializeFull ()
{
    version (all)
        return &[ getS() ][0]; // This causes a bug
    else
    {
        auto val = getS();
        return &[ val ][0]; // This works because the previous line throws
    }
}

S getS () { throw new Exception("socket error"); }

struct S
{
    ~this ()
    {
        abort();
    }

    ubyte hash;
}

void foo ()
{
    try
    {
        auto v = deserializeFull();
        assert(0, "Exception not thrown?");
    }
    catch (Exception exc)
    {
        assert(exc.msg == "socket error");
    }
}

void main ()
{
    foo();
    import core.memory;
    GC.collect(); // Abort triggered from here
}
```
This is an old, but IMO serious, regression, that caused memory corruption in
our `@safe` code because our `@trusted` wrapper was freeing pointers which were
junk.
```
Up to 2.066.0: Success and no output
2.067.1 to 2.071.2: Failure with output: --- killed by signal 6
Since 2.072.2: Failure with output: Error: program killed by signal 6
```
Marking as `wrong-code` but it's a frontend bug (seen in LDC as well).