← Back to index | Original Bugzilla link

Bug 20551 – In @safe code and using delegates, it's possible to escape references to function frame

Status: RESOLVED
Resolution: FIXED
Severity: normal
Priority: P1
Component: dmd
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2020-01-31T23:43:13Z
Last change time: 2020-02-03T09:44:56Z
Keywords: pull, safe
Assigned to: RazvanN
Creator: Basile-z

Comments

Comment #0 by b2.temp — 2020-01-31T23:43:13Z

test case, compiled with dmd 2.090.0, -preview=dip25 -preview=dip1000: --- module runnable; import std.stdio; struct LazyStore(T) { T delegate() @safe dg; void opAssign(E)(lazy E e) @safe { dg = cast(typeof(dg)) &e; } T test() @safe{ return dg(); } } static LazyStore!int f; void main(string[] args) @safe { int x = 1; f = x + x + 20 + x * 20; writeln(f.test()); } static void corrupt() { writeln(f.test()); } static ~this() { corrupt(); } --- LazyStore keeps a reference to the local variable passed as lazy expression in its opAssign. When using it out of the main() frame the result is undefined. Suggested fix is to disallow taking address of a lazy parameter but only in @safe code, since otherwise this trick plesantly works.

Comment #1 by b2.temp — 2020-02-01T14:14:15Z

This is actually quite a new issue as this could not work before 2.090. I believe that https://github.com/dlang/dmd/pull/10509 lacked of review. To the attention of [email protected], just add a check to disable the new feature in @safe and this should be good ;)

Comment #2 by b2.temp — 2020-02-02T09:31:21Z

Sorry the PR I mentioned is only a chagelog entry.

Comment #3 by b2.temp — 2020-02-02T09:33:54Z

to the attention of RazvanN7, the change introduced in https://github.com/dlang/dmd/pull/10264 should not be allowed in @safe.

Comment #4 by razvan.nitu1305 — 2020-02-03T02:51:43Z

Yes, I agree, taking the address of a lazy variable should be disallowed in @safe code.

Comment #5 by razvan.nitu1305 — 2020-02-03T02:52:30Z

Will post a patch in 1-2 days, when I find the time.

Comment #6 by dlang-bot — 2020-02-03T03:20:52Z

@RazvanN7 created dlang/dmd pull request #10756 "Fix Issue 20551 - In @safe code and using delegates, it's possible to escape references to function frame" fixing this issue: - Fix Issue 20551 - In @safe code and using delegates, it's possible to escape references to function frame https://github.com/dlang/dmd/pull/10756

Comment #7 by dlang-bot — 2020-02-03T04:24:56Z

dlang/dmd pull request #10756 "Fix Issue 20551 - In @safe code and using delegates, it's possible to escape references to function frame" was merged into master: - 6201a270a92c93400f56776e2f77bdf2482944dc by RazvanN7: Fix Issue 20551 - In @safe code and using delegates, it's possible to escape references to function frame https://github.com/dlang/dmd/pull/10756

Comment #8 by b2.temp — 2020-02-03T09:44:56Z

Thanks for your time Razvan.