[Issue 14336] New: Invalid memory access in struct destructor in std.uni

Wed Mar 25 07:40:08 PDT 2015

https://issues.dlang.org/show_bug.cgi?id=14336

          Issue ID: 14336
           Summary: Invalid memory access in struct destructor in std.uni
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: Phobos
          Assignee: nobody at puremagic.com
          Reporter: thecybershadow at gmail.com
                CC: blah38621 at gmail.com, dmitry.olsh at gmail.com

Created attachment 1495
  --> https://issues.dlang.org/attachment.cgi?id=1495&action=edit
Valgrind log

Valgrind (with my Valgrind branch [1]) reports an incorrect memory access in
std.uni.CowArray destructors (see attachment).

It looks like the following happens:

- The destructor is finalizing a heap-allocated array of InversionList!GcPolicy
structs.
- InversionList doesn't have a destructor, but it has a CowArray field
("data"). CowArray has a destructor, so one is automatically generated for
InversionList.
- CowArray!GcPolicy.~this calls the refCount @property.
- The refCount @property attempts to refer to the heap-allocated (via GcPolicy)
uint[] data field, which has already been destroyed by the GC. As I understand,
this is an invalid memory access.

[1]:
https://github.com/CyberShadow/druntime/compare/pull-20150323-233811-gc-debug...valgrind

--