← Back to index | Original Bugzilla link

Bug 22802 – [dip1000] First ref parameter seen as `return` destination even with `this`

Status: RESOLVED
Resolution: FIXED
Severity: normal
Priority: P1
Component: dmd
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2022-02-21T16:20:33Z
Last change time: 2022-03-03T23:17:17Z
Keywords: pull, safe
Assigned to: No Owner
Creator: Dennis

Comments

Comment #0 by dkorpel — 2022-02-21T16:20:33Z

In escape.d, the `bool isFirstRef()` function incorrectly accepts the first ref parameter as a `return scope` destination, even when there is a `this` parameter that should be the only return destination. This allows you to escape a stack pointer: ``` @safe: struct S { int* ptr; void assign(ref int* refPtr, return scope int* z) scope { this.ptr = z; // allowed, first ref refPtr = z; // should not be allowed } } int* escape() { int local; S escapeThis; int* escapeRef; escapeThis.assign(escapeRef, &local); return escapeRef; // Accepts invalid return escapeThis.ptr; // Error, correct } ```

Comment #1 by dlang-bot — 2022-03-03T10:02:50Z

@dkorpel created dlang/dmd pull request #13748 "Fix issue 22802 - First ref parameter seen as `return` destination ev…" fixing this issue: - Fix issue 22802 - First ref parameter seen as `return` destination even with `this` https://github.com/dlang/dmd/pull/13748

Comment #2 by dlang-bot — 2022-03-03T23:17:17Z

dlang/dmd pull request #13748 "Fix issue 22802 - First ref parameter seen as `return` destination ev…" was merged into master: - 8553e1e02da58e5f6d3c9818693b3af9d18e2b01 by Dennis Korpel: Fix issue 22802 - First ref parameter seen as `return` destination even with `this` https://github.com/dlang/dmd/pull/13748