digitalmars.D.bugs - [Issue 22802] New: [dip1000] First ref parameter seen as `return`


          Issue ID: 22802
           Summary: [dip1000] First ref parameter seen as `return`
                    destination even with `this`
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: safe
          Severity: normal
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: dkorpel live.nl

In escape.d, the `bool isFirstRef()` function incorrectly accepts the first ref
parameter as a `return scope` destination, even when there is a `this`
parameter that should be the only return destination. This allows you to escape
a stack pointer:

struct S
{
    int* ptr;
    void assign(ref int* refPtr, return scope int* z) scope
    {
        this.ptr = z; // allowed, first ref
        refPtr = z; // should not be allowed
    }
}

int* escape()
{
    int local;

    S escapeThis;
    int* escapeRef;

    escapeThis.assign(escapeRef, &local);

    return escapeRef; // Accepts invalid
    return escapeThis.ptr; // Error, correct
}

Feb 21 2022