• d-bugmail puremagic.com (51/51) Jun 15 2019 https://issues.dlang.org/show_bug.cgi?id=19968

d-bugmail puremagic.com writes:

https://issues.dlang.org/show_bug.cgi?id=19968

          Issue ID: 19968
           Summary:  safe code can create invalid bools resulting in
                    memory corruption
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: tim.dlang t-online.de

Variables of type bool are expected to be 0 or 1. Using void initialization
this invariant can be wrong. This can result in memory corruption. See the
following example:

import std.stdio;

static int[2] data;
static int[253] data2;

void test(bool b)  safe
{
        data[b]++;
}

void main()  safe
{
        bool b = void;
        writeln(data, data2);
        test(b);
        writeln(data, data2);   
}

It can happen, that data2 is modified here.

See http://forum.dlang.org/post/brxxdumxnzktcjjjvedo forum.dlang.org for
reference.

Another problem is, that the code generation for !b assumes b is 0 or 1. The
following code shows, that bools can seem to be true and false at the same
time:

import std.stdio;
void main()  safe
{
    bool b = void;
    if(b)
        writeln("b seems to be true");
    if(!b)
        writeln("b seems to be false");
}

 trusted functions, that are correct for true and false may result in memory
corruption for invalid values.
See http://forum.dlang.org/reply/yrncciusmngbcxztnhyn forum.dlang.org for
reference.

--