www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 15260] New: [dmd-internal] StringExp.compare may cause memory

https://issues.dlang.org/show_bug.cgi?id=15260

          Issue ID: 15260
           Summary: [dmd-internal] StringExp.compare may cause memory
                    invalid memory access
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: ice
          Severity: critical
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: k.hara.pg gmail.com

From the StringExp.compare code:
override int compare(RootObject obj) { ... if (len1 == len2) { switch (sz) { case 1: return memcmp(cast(char*)string, cast(char*)se2.string, len1); case 2: { wchar* s1 = cast(wchar*)string; wchar* s2 = cast(wchar*)se2.string; for (size_t u = 0; u < len; u++) { if (s1[u] != s2[u]) return s1[u] - s2[u]; } } // <--- should break here! case 4: // if len1 % 4 == 2, following memory read // would access out of boundaries. { dchar* s1 = cast(dchar*)string; dchar* s2 = cast(dchar*)se2.string; for (size_t u = 0; u < len; u++) { if (s1[u] != s2[u]) return s1[u] - s2[u]; } } break; default: assert(0); } } return cast(int)(len1 - len2); } --
Oct 29 2015