Bug 16266 – @safe functions may dereference non-dereferenceable pointers
Status
RESOLVED
Resolution
DUPLICATE
Severity
normal
Priority
P1
Component
dmd
Product
D
Version
D2
Platform
x86_64
OS
Linux
Creation time
2016-07-12T02:36:00Z
Last change time
2016-07-12T04:19:25Z
Keywords
safe
Assigned to
nobody
Creator
andrei
Comments
Comment #0 by andrei — 2016-07-12T02:36:23Z
Consider:
@safe
int foo(int *iPtr) {
    return *iPtr;
}
@safe
int bar(int[] iSlice) {
    return foo(iSlice.ptr);
}
@safe int baz(int[] a) {
    return bar(a[$ .. $]); // a[$ .. $] is an empty slice, so its .ptr is not dereferenceable
}
Calling baz with any array will end up passing a non-dereferenceable pointer to foo. This corner case needs to be addressed. There are a few possibilities:
1. Simply disallow taking .ptr for any array in @safe code.
2. Insert a runtime check whenever array.ptr is passed into a @safe function (array must be non-empty).
3. Require flow, for example this could be made legal:
import std.range : empty; // needed for iSlice.empty
@safe
int bar(int[] iSlice) {
    return iSlice.empty ? 42 : foo(iSlice.ptr);
}
Probably (2) would be the best all things considered.
Comment #1 by andrei — 2016-07-12T02:40:11Z
> 2. Insert a runtime check whenever array.ptr is passed into a @safe function
> (array must be non-empty).
It seems the array may be null.
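The runtime check proposed as option (2) in comment #0, written out as an added example that is not code from the report or from dmd; the helper checkedPtr and its @trusted boundary are assumptions made here. It treats a null slice (comment #1) and an empty slice such as a[$ .. $] the same way, since both have length 0, so one check covers both cases.

```d
import std.exception : enforce, assertThrown;

// Hypothetical helper: the only place a slice is turned into a raw pointer.
// It is @trusted because current compilers reject .ptr inside @safe code;
// the length check is what justifies trusting it.
@trusted int* checkedPtr(int[] a)
{
    // Both a null slice and an empty slice (e.g. a[$ .. $]) have length 0,
    // so this single check also covers the null case from comment #1.
    enforce(a.length != 0, "refusing to take .ptr of an empty or null slice");
    return a.ptr;
}

@safe int foo(int* iPtr)
{
    return *iPtr; // only ever reached with a pointer into a non-empty slice
}

@safe int bar(int[] iSlice)
{
    return foo(checkedPtr(iSlice));
}

@safe int baz(int[] a)
{
    return bar(a[$ .. $]); // empty slice, same shape as the report's example
}

void main()
{
    int[] a = [1, 2, 3];        // constructed sample input
    assert(bar(a) == 1);        // non-empty slice: pointer is valid
    assertThrown(baz(a));       // a[$ .. $] is empty: the check fires
    assertThrown(bar(null));    // null slice: the same check fires
}
```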
Comment #2 by bugzilla — 2016-07-12T04:16:02Z
*** This issue has been marked as a duplicate of issue 11176 ***