digitalmars.D.bugs - [Issue 20482] New: formatValue overlap detection does not account
- d-bugmail puremagic.com (55/55) Jan 05 2020 https://issues.dlang.org/show_bug.cgi?id=20482
https://issues.dlang.org/show_bug.cgi?id=20482 Issue ID: 20482 Summary: formatValue overlap detection does not account for nested anonymous unions Product: D Version: D2 Hardware: All OS: All Status: NEW Keywords: safe Severity: normal Priority: P1 Component: phobos Assignee: nobody puremagic.com Reporter: dkorpel live.nl The logic std.format uses for detecting overlap of anonymous unions is incorrect. It looks at the difference in .offsetof for consecutive members in .tupleof, but doesn't account for nested unions. ``` import std; struct S { union { struct { union { string a = "string a"; long overlapsAlength; } string b = "string b"; } string[2] overlapsAandB; } } void main() safe { S s; s.overlapsAlength = 32; writeln(s); } ``` Prints: b\0%s\0/dlang/dmd-", "string b"]) It only detects the overlap of `a` and `overlapsAlength`, while `overlapsAandB` gets printed, resulting in memory corruption. The example calls writeln on s, but writeln is simply a wrapper around formatValue which is at the heart of the issue: ``` auto a = appender!string; auto f = singleSpec("%s"); formatValue(a, s, f); writeln(a.data); ``` The specific logic can be found here: https://github.com/dlang/phobos/blob/cc977c37b8fa7af5fc54bc64a6aad14714e5cf2d/std/format.d#L4411 --
Jan 05 2020