← Back to index | Original Bugzilla link

Bug 15260 – [dmd-internal] StringExp.compare may cause invalid memory access

Status: RESOLVED
Resolution: FIXED
Severity: critical
Priority: P1
Component: dmd
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2015-10-30T01:13:00Z
Last change time: 2016-01-03T14:02:13Z
Keywords: ice, pull
Assigned to: nobody
Creator: k.hara.pg

Comments

Comment #0 by k.hara.pg — 2015-10-30T01:13:50Z

From the StringExp.compare code: override int compare(RootObject obj) { ... if (len1 == len2) { switch (sz) { case 1: return memcmp(cast(char*)string, cast(char*)se2.string, len1); case 2: { wchar* s1 = cast(wchar*)string; wchar* s2 = cast(wchar*)se2.string; for (size_t u = 0; u < len; u++) { if (s1[u] != s2[u]) return s1[u] - s2[u]; } } // <--- should break here! case 4: // if len1 % 4 == 2, following memory read // would access out of boundaries. { dchar* s1 = cast(dchar*)string; dchar* s2 = cast(dchar*)se2.string; for (size_t u = 0; u < len; u++) { if (s1[u] != s2[u]) return s1[u] - s2[u]; } } break; default: assert(0); } } return cast(int)(len1 - len2); }

Comment #1 by k.hara.pg — 2015-10-30T01:24:27Z

https://github.com/D-Programming-Language/dmd/pull/5240

Comment #2 by github-bugzilla — 2015-10-30T10:45:58Z

Commits pushed to master at https://github.com/D-Programming-Language/dmd https://github.com/D-Programming-Language/dmd/commit/4d38ed397f7d250830948e9a6f81250ed2d070e8 fix Issue 15260 - [dmd-internal] StringExp.compare may cause invalid memory access https://github.com/D-Programming-Language/dmd/commit/be3d6f907f33fad3624b5e5057314454d2cd2171 Merge pull request #5240 from 9rnsr/fix_internal_bugs Issue 15260, 15261, 15262 - Fix dmd-internal bugs

Comment #3 by github-bugzilla — 2016-01-03T14:02:13Z

Commits pushed to stable at https://github.com/D-Programming-Language/dmd https://github.com/D-Programming-Language/dmd/commit/4d38ed397f7d250830948e9a6f81250ed2d070e8 fix Issue 15260 - [dmd-internal] StringExp.compare may cause invalid memory access https://github.com/D-Programming-Language/dmd/commit/be3d6f907f33fad3624b5e5057314454d2cd2171 Merge pull request #5240 from 9rnsr/fix_internal_bugs