digitalmars.D.bugs - [Issue 17363] New: safety hole due to $ caching in slice expressions
- via Digitalmars-d-bugs (36/36) May 01 2017 https://issues.dlang.org/show_bug.cgi?id=17363
https://issues.dlang.org/show_bug.cgi?id=17363

Issue ID: 17363
Summary: safety hole due to $ caching in slice expressions
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P1
Component: dmd
Assignee: nobody puremagic.com
Reporter: kinke gmx.net

When loading and caching $ once for a slice expression before evaluating the bounds expressions, it isn't updated due to potential side effects on the slicee when evaluating upper and lower bounds expressions, leading to invalid bounds checks and memory corruption potential in @safe code:

```
@safe:

int[] globalArray;

int getLowerBound()
{
    globalArray = [ 666 ];
    return 0;
}

void main()
{
    globalArray = new int[256];
    auto r = globalArray[getLowerBound() .. $];
    assert(r[0] == 666);
    assert(r.length == 256); // BUG, should be 1
    r[] = 123; // oops
}
```

GDC and LDC don't cache $ and thus don't suffer from this issue.

--
May 01 2017
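The scenario from the report with the bound hoisted out of the slice expression, as an added example that is not part of the original report or of dmd. `sliceAfterBounds` is a hypothetical helper: it evaluates the side-effecting bound first and only then loads the slicee, so `$` always refers to the array that is actually sliced.

```d
@safe:

int[] globalArray;

// Same side-effecting bound as in the report: it replaces the slicee.
int getLowerBound()
{
    globalArray = [ 666 ];
    return 0;
}

// Hypothetical helper (an assumption of this example, not a druntime or
// Phobos function). The bound is passed lazily so its side effects run
// inside the helper, before the slicee is read.
int[] sliceAfterBounds(ref int[] slicee, lazy size_t lower)
{
    immutable lo = lower;     // side effects on the slicee happen here
    int[] current = slicee;   // pointer and length are loaded together, afterwards
    // `lo` is a plain local, so nothing can change `current` between the
    // load of $ and the bounds check, whatever order the compiler uses.
    return current[lo .. $];
}

void main()
{
    globalArray = new int[256];
    auto r = sliceAfterBounds(globalArray, getLowerBound());
    assert(r[0] == 666);
    assert(r.length == 1);          // length of the array that was sliced
    r[] = 123;                      // writes exactly one element
    assert(globalArray == [ 123 ]);
}
```

The same effect is obtained without a helper by assigning each bounds expression to a local variable before writing the slice expression.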