Menu
Search

Forums

Forum Index

Thread overview
[Issue 3724] New: bug in Expression::arraySyntaxCopy (null pointer dereference on struct->union->struct
Jan 20, 2010
Witold Baryluk
Jan 23, 2010
Walter Bright
Jan 31, 2010
Walter Bright
January 20, 2010
Gravatar of Witold BarylukPosted by Witold BarylukReply
Witold Baryluk
Gravatar of Witold Baryluk


Reply
http://d.puremagic.com/issues/show_bug.cgi?id=3724

           Summary: bug in Expression::arraySyntaxCopy (null pointer
                    dereference on struct->union->struct
           Product: D
           Version: 2.039
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: nobody@puremagic.com
        ReportedBy: baryluk@smp.if.uj.edu.pl


--- Comment #0 from Witold Baryluk <baryluk@smp.if.uj.edu.pl> 2010-01-19 19:14:35 PST ---
In case of code similar to this

struct v {
  union {
     struct { float a, b; }
     struct { float c[2]; }
  }
}

(it is more complicated than just this sample, to trigger this bug. I can't easly produce small example)


file expression.c
method Expression *StructLiteralExp::semantic(Scope *sc)
performs kind of flatening, and adds member c to array "elements",
but in case on union memberrs it adds them as null:
relevant lines:
line 3373
 if (v->offset < offset)
 {   e = NULL;
     sd->hasUnions = 1;
 }


and line 3393
  elements->push(e)


Fix:
In file expression.c line 1477
method Expressions *Expression::arraySyntaxCopy(Expressions *exps)
add condition:

 for (int i = 0; i < a->dim; i++)
 {   Expression *e = (Expression *)exps->data[i];
-    e = e->syntaxCopy();
+   if (e)
+        e = e->syntaxCopy();
    a->data[i] = e;^M
 }


Without it, optimize.c lines 86-87 will call indirectly this method, when some (last) elemenets of exps is/are nulls, and segfault.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
January 23, 2010
Gravatar of Walter BrightPosted by Walter Bright
in reply to Witold Baryluk		Reply
Walter Bright
Gravatar of Walter Bright
Posted in reply to Witold Baryluk


Reply
http://d.puremagic.com/issues/show_bug.cgi?id=3724


Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugzilla@digitalmars.com


--- Comment #1 from Walter Bright <bugzilla@digitalmars.com> 2010-01-22 21:50:46 PST ---
Changeset 348

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
January 31, 2010
Gravatar of Walter BrightPosted by Walter Bright
in reply to Witold Baryluk		Reply
Walter Bright
Gravatar of Walter Bright
Posted in reply to Witold Baryluk


Reply
http://d.puremagic.com/issues/show_bug.cgi?id=3724


Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


--- Comment #2 from Walter Bright <bugzilla@digitalmars.com> 2010-01-30 22:42:29 PST ---
fixed dmd 1.056 and 2.040

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------