public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug d/110113] gdc -fpreview=dip1021 crash in d/dmd/root/aav.d:127 dmd_aaGetRvalue from DsymbolTable::lookup(Identifier const*)
Date: Mon, 26 Jun 2023 00:51:35 +0000 [thread overview]
Message-ID: <bug-110113-4-vJvl9YPqeK@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-110113-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110113
--- Comment #12 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Iain Buclaw
<ibuclaw@gcc.gnu.org>:
https://gcc.gnu.org/g:016047f54713dc601c661ab57c78a26da3759608
commit r12-9729-g016047f54713dc601c661ab57c78a26da3759608
Author: Iain Buclaw <ibuclaw@gdcproject.org>
Date: Mon Jun 26 02:29:46 2023 +0200
d: Fix crash in d/dmd/root/aav.d:127 dmd_aaGetRvalue from
DsymbolTable::lookup
Backports patch from upstream dmd mainline for fixing PR110113.
The data being Mem.xrealloc'd contains many Array(T) fields, some of
which have self references in their data.ptr field thanks to the
smallarray optimization used by Array.
Naturally then, the memcpy from old GC data to new retains those self
referenced addresses, and the GC marks the old data as "free". Some time
later GC.malloc will return a pointer to said "free" data. So now we
have two GC references to the same memory. One that is treating the data
as an Array(VarDeclaration) in dmd.escape.escapeByStorage, and the other
as an AA in the symtab of a dmd.dsymbol.ScopeDsymbol.
Fix this memory corruption by not storing the data in a global variable
for reuse. If there are no more live references, the GC will free it.
PR d/110113
gcc/d/ChangeLog:
* dmd/escape.d (checkMutableArguments): Always allocate new buffer
for
computing escapeBy.
gcc/testsuite/ChangeLog:
* gdc.test/compilable/test23978.d: New test.
Reviewed-on: https://github.com/dlang/dmd/pull/15302
(cherry picked from commit ae3a4cefd855512b10b833a56f275b701bacdb34)
next prev parent reply other threads:[~2023-06-26 0:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-04 16:42 [Bug d/110113] New: " witold.baryluk+gcc at gmail dot com
2023-06-04 16:44 ` [Bug d/110113] " witold.baryluk+gcc at gmail dot com
2023-06-04 16:45 ` witold.baryluk+gcc at gmail dot com
2023-06-06 20:37 ` ibuclaw at gcc dot gnu.org
2023-06-06 20:49 ` ibuclaw at gcc dot gnu.org
2023-06-06 22:01 ` ibuclaw at gcc dot gnu.org
2023-06-07 16:05 ` ibuclaw at gcc dot gnu.org
2023-06-07 16:08 ` ibuclaw at gcc dot gnu.org
2023-06-07 17:14 ` ibuclaw at gcc dot gnu.org
2023-06-10 17:31 ` ibuclaw at gcc dot gnu.org
2023-06-11 17:06 ` witold.baryluk+gcc at gmail dot com
2023-06-26 0:50 ` cvs-commit at gcc dot gnu.org
2023-06-26 0:51 ` cvs-commit at gcc dot gnu.org [this message]
2023-06-26 0:53 ` ibuclaw at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-110113-4-vJvl9YPqeK@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).