Bug 3724 – bug in Expression::arraySyntaxCopy (null pointer dereference on struct->union->struct
Status: RESOLVED
Resolution: FIXED
Severity: normal
Priority: P2
Component: dmd
Product: D
Version: D2
Platform: x86
OS: Linux
Creation time: 2010-01-19T19:14:00Z
Last change time: 2015-06-09T01:27:22Z
Keywords: ice-on-valid-code, patch
Assigned to: nobody
Creator: witold.baryluk+d
Comments
Comment #0 by witold.baryluk+d — 2010-01-19T19:14:35Z
In case of code similar to this
struct v {
union {
struct { float a, b; }
struct { float c[2]; }
}
}
(It is more complicated than just this sample to trigger this bug.
I can't easily produce a small example.)
file expression.c
method Expression *StructLiteralExp::semantic(Scope *sc)
performs a kind of flattening, and adds member c to the array "elements",
but in the case of union members it adds them as null:
relevant lines:
line 3373
if (v->offset < offset)
{ e = NULL;
sd->hasUnions = 1;
}
and line 3393
elements->push(e)
Fix:
In file expression.c line 1477
method Expressions *Expression::arraySyntaxCopy(Expressions *exps)
add condition:
for (int i = 0; i < a->dim; i++)
{ Expression *e = (Expression *)exps->data[i];
- e = e->syntaxCopy();
+ if (e)
+ e = e->syntaxCopy();
a->data[i] = e;^M
}
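Review bot: the `if (e)` guard in the loop lets a null entry pass through to `a->data[i]` without saying why nulls are legal here; add a short comment that `StructLiteralExp::semantic` pushes `e = NULL` for overlapping union members, so a later cleanup does not remove the check. Because the report says those nulls are stored in `elements` itself, any other code that walks that array and calls a method on each entry needs the same guard, and a regression test built from the struct/union/struct case would keep this crash from coming back.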
Without it, optimize.c lines 86-87 will indirectly call this method when some (last) elements of exps are null, and segfault.