[Issue 15260] New: [dmd-internal] StringExp.compare may cause memory invalid memory access
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Oct 29 18:13:50 PDT 2015
https://issues.dlang.org/show_bug.cgi?id=15260
Issue ID: 15260
Summary: [dmd-internal] StringExp.compare may cause memory
invalid memory access
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Keywords: ice
Severity: critical
Priority: P1
Component: dmd
Assignee: nobody at puremagic.com
Reporter: k.hara.pg at gmail.com
>From the StringExp.compare code:
override int compare(RootObject obj)
{
...
if (len1 == len2)
{
switch (sz)
{
case 1:
return memcmp(cast(char*)string, cast(char*)se2.string, len1);
case 2:
{
wchar* s1 = cast(wchar*)string;
wchar* s2 = cast(wchar*)se2.string;
for (size_t u = 0; u < len; u++)
{
if (s1[u] != s2[u])
return s1[u] - s2[u];
}
}
// <--- should break here!
case 4:
// if len1 % 4 == 2, following memory read
// would access out of boundaries.
{
dchar* s1 = cast(dchar*)string;
dchar* s2 = cast(dchar*)se2.string;
for (size_t u = 0; u < len; u++)
{
if (s1[u] != s2[u])
return s1[u] - s2[u];
}
}
break;
default:
assert(0);
}
}
return cast(int)(len1 - len2);
}
--
More information about the Digitalmars-d-bugs
mailing list