Menu
Search

Forums

Forum Index

June 09, 2023
Gravatar of dkorpel@live.nlPosted by dkorpel@live.nlReply
dkorpel@live.nl
Gravatar of dkorpel@live.nl


Reply
https://issues.dlang.org/show_bug.cgi?id=23982

          Issue ID: 23982
           Summary: segfault when printing scope inference failure
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: dmd
          Assignee: nobody@puremagic.com
          Reporter: dkorpel@live.nl

```D
// REQUIRED_ARGS: -preview=dip1000
@safe:

struct B()
{
    this(int* a)
    {
        this.a = a;
    }
    int* a;
}

class C()
{
    int* foo2(int* a)
    {
        auto b = B!()(a);
        return b.a;
    }
}

void main()
{
    scope int* a;
    C!() c;
    c.foo2(a);
}
```

Results in a segmentation fault.

The expression `this.a = a;` gets put into the `EscapeState.scopeInferFailure` associative array, but by the time it gets read in `printScopeFailure`, the class instance is corrupted: the vtable is 0x000000000000005F. This suggests it gets freed, even while the AA still has a reference to it.

--