[Issue 24773] New: Stable sort() invokes the destructor on uninitialized elements
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Fri Sep 20 09:04:15 UTC 2024
https://issues.dlang.org/show_bug.cgi?id=24773
Issue ID: 24773
Summary: Stable sort() invokes the destructor on uninitialized
elements
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P1
Component: phobos
Assignee: nobody at puremagic.com
Reporter: sludwig at outerproduct.org
The TimSort implementation creates a temporary uninitialized array for copying
ranges of elements to. While this works fine for POD values, element types with
an elaborate destructor/postblit/copy constructor will be invoked with
uninitialized data, possibly leading to crashes or data corruption.
Test case:
---
import std.algorithm;
struct S {
int i = 42;
~this() { assert(i == 42); }
}
void main()
{
auto array = new S[](400);
array.sort!((a, b) => false, SwapStrategy.stable);
}
---
--
More information about the Digitalmars-d-bugs
mailing list