• d-bugmail puremagic.com (45/45) Jun 09 2023 https://issues.dlang.org/show_bug.cgi?id=23982

d-bugmail puremagic.com writes:

https://issues.dlang.org/show_bug.cgi?id=23982

          Issue ID: 23982
           Summary: segfault when printing scope inference failure
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: dkorpel live.nl

```D
// REQUIRED_ARGS: -preview=dip1000
 safe:

struct B()
{
    this(int* a)
    {
        this.a = a;
    }
    int* a;
}

class C()
{
    int* foo2(int* a)
    {
        auto b = B!()(a);
        return b.a;
    }
}

void main()
{
    scope int* a;
    C!() c;
    c.foo2(a);
}
```

Results in a segmentation fault.

The expression `this.a = a;` gets put into the `EscapeState.scopeInferFailure`
associative array, but by the time it gets read in `printScopeFailure`, the
class instance is corrupted: the vtable is 0x000000000000005F. This suggests it
gets freed, even while the AA still has a reference to it.

--