• via Digitalmars-d-bugs (37/37) May 06 2016 https://issues.dlang.org/show_bug.cgi?id=15996

via Digitalmars-d-bugs <digitalmars-d-bugs puremagic.com> writes:

https://issues.dlang.org/show_bug.cgi?id=15996

          Issue ID: 15996
           Summary:  safe allows escaping of ptrs to variables going out
                    of scope
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: eyal.lotem gmail.com

Created attachment 1595
  --> https://issues.dlang.org/attachment.cgi?id=1595&action=edit
Reproduces the undefined behavior

This code compiles and produces Undefined Behavior:

 safe:

import std.stdio;

struct T { int y; }

auto foo() {
    int *x;
    T t;
    t.y = 12345;
    x = &t.y;
    return x;
}

unittest {
    auto x = foo();
    writeln("Hello world");
    assert(*x == 12345);
}

It seems that the escape analysis checks if the pointed element is itself
directly declared on the stack, instead of checking whether it is contained in
something that is declared on the stack.

--