gcc.gnu.org Git - gcc.git/commit

author	Iain Buclaw <ibuclaw@gdcproject.org>
	Mon, 26 Jun 2023 00:29:46 +0000 (02:29 +0200)
committer	Iain Buclaw <ibuclaw@gdcproject.org>
	Mon, 26 Jun 2023 00:37:19 +0000 (02:37 +0200)
commit	ae3a4cefd855512b10b833a56f275b701bacdb34
tree	4cebfdb03bdb32ba9c10f1b2f8a996b5e336f904	tree
parent	9d423deea0b17a09ad218d553579845664143221	commit \| diff

d: Fix crash in d/dmd/root/aav.d:127 dmd_aaGetRvalue from DsymbolTable::lookup

Backports patch from upstream dmd mainline for fixing PR110113.

The data being Mem.xrealloc'd contains many Array(T) fields, some of
which have self references in their data.ptr field thanks to the
smallarray optimization used by Array.

Naturally then, the memcpy from old GC data to new retains those self
referenced addresses, and the GC marks the old data as "free". Some time
later GC.malloc will return a pointer to said "free" data. So now we
have two GC references to the same memory. One that is treating the data
as an Array(VarDeclaration) in dmd.escape.escapeByStorage, and the other
as an AA in the symtab of a dmd.dsymbol.ScopeDsymbol.

Fix this memory corruption by not storing the data in a global variable
for reuse. If there are no more live references, the GC will free it.

PR d/110113

gcc/d/ChangeLog:

* dmd/escape.d (checkMutableArguments): Always allocate new buffer for
computing escapeBy.

gcc/testsuite/ChangeLog:

* gdc.test/compilable/test23978.d: New test.

Reviewed-on: https://github.com/dlang/dmd/pull/15302

gcc/d/dmd/escape.d		diff \| blob \| blame \| history
gcc/testsuite/gdc.test/compilable/test23978.d	[new file with mode: 0644]	blob