digitalmars.D.bugs - [Issue 22802] New: [dip1000] First ref parameter seen as `return`
- d-bugmail puremagic.com (41/41) Feb 21 2022 https://issues.dlang.org/show_bug.cgi?id=22802
https://issues.dlang.org/show_bug.cgi?id=22802

Issue ID: 22802
Summary: [dip1000] First ref parameter seen as `return` destination even with `this`
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Keywords: safe
Severity: normal
Priority: P1
Component: dmd
Assignee: nobody puremagic.com
Reporter: dkorpel live.nl

In escape.d, the `bool isFirstRef()` function incorrectly accepts the first ref parameter as a `return scope` destination, even when there is a `this` parameter that should be the only return destination. This allows you to escape a stack pointer:

```
@safe:

struct S
{
    int* ptr;

    void assign(ref int* refPtr, return scope int* z) scope
    {
        this.ptr = z; // allowed, first ref
        refPtr = z; // should not be allowed
    }
}

int* escape()
{
    int local;

    S escapeThis;
    int* escapeRef;

    escapeThis.assign(escapeRef, &local);

    return escapeRef; // Accepts invalid
    return escapeThis.ptr; // Error, correct
}
```