digitalmars.D.bugs - [Issue 16470] New: Segfault with negative array length
- via Digitalmars-d-bugs (26/26) Sep 05 2016 https://issues.dlang.org/show_bug.cgi?id=16470
https://issues.dlang.org/show_bug.cgi?id=16470

Issue ID: 16470
Summary: Segfault with negative array length
Product: D
Version: D2
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: druntime
Assignee: nobody puremagic.com
Reporter: cpicard openmailbox.org

The following segfaults when compiled with DMD v2.071.1 (x86 and x86_64, no flag):

    void main() {
        ubyte[] buf;
        buf.length = -1;
    }

Here is the relevant GDB backtrace:

While I do not argue that setting a negative length is meaningless, an Error should be thrown instead of segfaulting.

This was found while fuzzing arsd/png.d with afl (American Fuzzy Lop).

--