[Issue 5270] Using a scope delegate allows memory corruption in safe mode
June 18, 2014
https://issues.dlang.org/show_bug.cgi?id=5270

David Nadlinger <code@klickverbot.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |safe
                 CC|                            |code@klickverbot.at

--
July 09, 2014

hsteoh@quickfur.ath.cx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hsteoh@quickfur.ath.cx

--- Comment #3 from hsteoh@quickfur.ath.cx ---
*** Issue 13085 has been marked as a duplicate of this issue. ***

--
July 09, 2014

--- Comment #4 from hsteoh@quickfur.ath.cx ---
Another failing case that illustrates the problem:
------
int delegate() globDg;

void func(scope int delegate() dg) {
        globDg = dg; // should be rejected but isn't
        globDg();
}

void sub() {
        int x;
        func(() { return ++x; });
}

void trashme() {
        import std.stdio;
        writeln(globDg()); // prints garbage
}

void main() {
        sub();
        trashme();
}
------

--
July 09, 2014

--- Comment #5 from hsteoh@quickfur.ath.cx ---
Removing 'scope' from func's parameter fixes the problem, since the compiler will then allocate x on the heap instead of the stack.

--
November 01, 2014

Mike <slavo5150@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |slavo5150@yahoo.com

--
August 25, 2016

--- Comment #6 from Walter Bright <bugzilla@digitalmars.com> ---
(In reply to hsteoh from comment #4)
> Another failing case that illustrates the problem:
> ------
> int delegate() globDg;
> 
> void func(scope int delegate() dg) {
>         globDg = dg; // should be rejected but isn't
>         globDg();
> }

Annotating func() with @safe results in:

  test3.d(4): Error: scope variable dg assigned to non-scope globDg

with Pull Request:

  https://github.com/dlang/dmd/pull/5972

This check is limited to @safe code to avoid breaking too much existing code.

--
August 25, 2016

--- Comment #7 from Walter Bright <bugzilla@digitalmars.com> ---
(In reply to timon.gehr from comment #2)
> The issue is that "it compiles and runs without error". (the second assertion asserts that there is memory corruption) The compiler has to either:
> 
> - enforce the 'scope' storage class in @safe mode by flow-analysis.
> - not perform the scope delegate optimization in @safe mode.
> 
> Change the second assertion to 'assert (x == 123);' to see the error.

Pull https://github.com/dlang/dmd/pull/5972 now causes:

test3.d(9): Error: scope variable dg assigned to non-scope globalDg

--
August 25, 2016

Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |pull

--- Comment #8 from Walter Bright <bugzilla@digitalmars.com> ---
This can be closed once 5972 is pulled.

--
March 04, 2018

Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Walter Bright <bugzilla@digitalmars.com> ---
(In reply to Walter Bright from comment #8)
> This can be closed once 5972 is pulled.

It was pulled.

--
March 04, 2018

--- Comment #10 from anonymous4 <dfj1esp02@sneakemail.com> ---
(In reply to Walter Bright from comment #6)
> This check is limited to @safe code to avoid breaking too much existing code.
For the record: escaping scoped data should stay allowed in unsafe code, it's a useful pattern, the code would just respect scoping manually.

--
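
An added example (not part of the thread, and not code from the dmd project) of the two usages that remain valid in @safe code once the check from comment #6 is enforced: a `scope` delegate parameter that is only called during the call, and a non-`scope` parameter when the delegate is stored, which is the heap-allocation behaviour comment #5 describes. The function names `callOnly`, `store`, `stackUser` and `heapUser` are hypothetical.

```d
import std.stdio;

int delegate() @safe globDg;

// `scope` is honest here: dg is invoked during the call and never stored.
int callOnly(scope int delegate() @safe @nogc dg) @safe @nogc
{
    return dg();
}

// The delegate outlives the call, so the parameter is NOT `scope`.
// Callers must then give it a context that also outlives the call.
void store(int delegate() @safe dg) @safe
{
    globDg = dg;
}

// @nogc makes the compiler verify that no GC closure is allocated:
// x stays in this stack frame, and the delegate is only used while
// the frame is still alive.
int stackUser() @safe @nogc
{
    int x = 41;
    return callOnly(() => ++x);
}

// Passing the lambda to a non-scope parameter makes the compiler
// allocate the closure on the GC heap, so x survives heapUser().
void heapUser() @safe
{
    int x;
    store(() => ++x);
}

void main() @safe
{
    assert(stackUser() == 42);

    heapUser();
    // heapUser's frame is gone, but the captured x lives on the heap.
    assert(globDg() == 1);
    assert(globDg() == 2);

    writeln("both delegates behaved as expected");
}
```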