digitalmars.D.bugs - [Issue 16470] New: Segfault with negative array length


          Issue ID: 16470
           Summary: Segfault with negative array length
           Product: D
           Version: D2
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: druntime
          Assignee: nobody puremagic.com
          Reporter: cpicard openmailbox.org

The following segfaults when compiled with DMDv2.071.1 (x86 and x86_64, no

    void main() {
        ubyte[] buf;
        buf.length = -1; // -1 converts implicitly to size_t.max
    }

Here is the relevant GDB backtrace:

While I do not argue that setting a negative length is meaningless, an Error
should be thrown instead of segfaulting.

This was found while fuzzing arsd/png.d with afl (American Fuzzy Lop).

Sep 05 2016