digitalmars.D.bugs - [Issue 22864] New: [REG 2.067] Throwing in array literal leads to
- d-bugmail puremagic.com (69/69) Mar 09 2022 https://issues.dlang.org/show_bug.cgi?id=22864
d-bugmail puremagic.com https://issues.dlang.org/show_bug.cgi?id=22864 Issue ID: 22864 Summary: [REG 2.067] Throwing in array literal leads to destructor being called on unconstructed data Product: D Version: D2 Hardware: All OS: All Status: NEW Keywords: industry, safe, wrong-code Severity: regression Priority: P1 Component: dmd Assignee: nobody puremagic.com Reporter: pro.mathias.lang gmail.com The following code leads to `abort` being triggered. This happens because the array literal causes an instance to be allocated, which is later called by the GC, even though the instance contains garbage data (printing the member `hash` field will give a non-zero value). ``` import core.stdc.stdlib; public S* deserializeFull () { version (all) return &[ getS() ][0]; // This causes a bug else { auto val = getS(); return &[ val ][0]; // This works because the previous line throws } } S getS () { throw new Exception("socket error"); } struct S { ~this () { abort(); } ubyte hash; } void foo () { try { auto v = deserializeFull(); assert(0, "Exception not thrown?"); } catch (Exception exc) { assert(exc.msg == "socket error"); } } void main () { foo(); import core.memory; GC.collect(); // Abort triggered from here } ``` This is an old, but IMO serious, regression, that caused memory corruption in our ` safe` code because our ` trusted` wrapper was freeing pointers which were junk. ``` Up to 2.066.0: Success and no output 2.067.1 to 2.071.2: Failure with output: --- killed by signal 6 Since 2.072.2: Failure with output: Error: program killed by signal 6 ``` Marking as `wrong-code` but it's a frontend bug (seen in LDC as well). --
Mar 09 2022