August 05, 2020
https://issues.dlang.org/show_bug.cgi?id=21116

          Issue ID: 21116
           Summary: onArrayCastError is horribly unsafe
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P1
         Component: druntime
          Assignee: nobody@puremagic.com
          Reporter: schveiguy@yahoo.com

If you cast an array incorrectly, you get a blank message, or an incomplete message, or you may get junk.

That's because onArrayCastError (which is @trusted) uses a stack buffer for its message, and then throws an assert error with the reference to that message!

Not only that, but it also incorrectly converts numbers into stack strings, and then references those in an array after they are gone.

I think there are only 2 valid ways out -- 1: allocate the string in the static data segment, or 2: allocate it on the C heap.

I'm not sure which one to do. Both have drawbacks. Obviously, we can't use the GC as this is a core language feature. Using the C heap isn't great either, but is a reasonable solution. Using a static data segment, one has to do purity acrobatics. And it may be really difficult to only allocate the segment if an array cast occurs.

I'm leaning towards doing a C heap allocation.

--
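The failure mode and the C-heap option described in the report, reduced to a small D program. This is an added example, not druntime's code and not the reporter's patch: `castErrorOnStack`, `arrayCastMsg`, the message wording and the decision never to free the buffer are assumptions made for illustration.

```d
import core.stdc.stdio : printf, snprintf;
import core.stdc.stdlib : malloc;

// Reduced form of the unsafe pattern (hypothetical, not druntime's code):
// the message is a slice of this frame, and the thrown AssertError keeps
// that slice after unwinding has left the frame.
void castErrorOnStack(size_t fromSize, size_t toSize) @trusted
{
    char[64] buf = void;
    immutable n = snprintf(buf.ptr, buf.length, "%zu vs %zu", fromSize, toSize);
    assert(false, buf[0 .. n]); // dangling once the frame is gone
}

// C-heap variant (hypothetical helper): no GC, and the returned slice stays
// valid while the error propagates. Assumption: the buffer is never freed,
// because the error is expected to terminate the program.
string arrayCastMsg(string fromType, size_t fromSize,
                    string toType, size_t toSize) @trusted nothrow @nogc
{
    enum fallback = "array cast misalignment"; // static data, always valid
    enum fmt = "array cast misalignment: %.*s[] (%zu bytes) -> %.*s[] (%zu bytes each)";

    // First pass with a null buffer only measures the formatted length.
    immutable len = snprintf(null, 0, fmt,
        cast(int) fromType.length, fromType.ptr, fromSize,
        cast(int) toType.length, toType.ptr, toSize);
    if (len < 0)
        return fallback;

    auto p = cast(char*) malloc(len + 1);
    if (p is null)
        return fallback; // out of memory: degrade to the literal

    snprintf(p, len + 1, fmt,
        cast(int) fromType.length, fromType.ptr, fromSize,
        cast(int) toType.length, toType.ptr, toSize);
    return cast(string) p[0 .. len];
}

void main()
{
    // Constructed sample values: 5 bytes cannot be viewed as int[].
    auto msg = arrayCastMsg("byte", 5, "int", 4);
    printf("%.*s\n", cast(int) msg.length, msg.ptr);
}
```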