Bug 4728 – Segfault(toctype.c) by protected/private constructor in an other module

// a.d import b; void main() { new A(); } // b.d class A { protected this(){} } When these source codes are compiled with dmd trunk r628, dmd outputs a correct error message and crashes. >dmd a b a.d(4): Error: class b.A member this is not accessible <-- crash!! The cause of the crash is an access to the null pointer as shown below. // toctype.c ... type *TypeFunction::toCtype() { type *t; if (ctype) return ctype; if (1) { param_t *paramtypes; tym_t tyf; type *tp; paramtypes = NULL; size_t nparams = Parameter::dim(parameters); for (size_t i = 0; i < nparams; i++) { Parameter *arg = Parameter::getNth(parameters, i); tp = arg->type->toCtype(); if (arg->storageClass & (STCout | STCref)) { // C doesn't have reference types, so it's really a pointer // to the parameter type tp = type_allocn(TYref, tp); } param_append_type(&paramtypes,tp); } tyf = totym(); t = type_alloc(tyf); t->Tflags |= TFprototype; if (varargs != 1) t->Tflags |= TFfixed; ctype = t; t->Tnext = next->toCtype(); // <<<<<<<<<<<<<<<< next is null t->Tnext->Tcount++; t->Tparamtypes = paramtypes; } ctype = t; return t; } ...

I cannot reproduce this. For me on Windows, it prints the error message, but does not crash. Perhaps the test case is slightly wrong?

(In reply to comment #1) > I cannot reproduce this. For me on Windows, it prints the error message, but > does not crash. Perhaps the test case is slightly wrong? Oh really? Now, I performed it with dmd r712, druntime r398, and phobos r2092. dmd crashed again within an error message.

This is a silly one! This only appears in debug mode, it because Walter accidentally left a call to "halt()". access.c, line 256. This ICE can never occur in a release version of the compiler.