https://issues.dlang.org/show_bug.cgi?id=24773
Issue ID: 24773
Summary: Stable sort() invokes the destructor on uninitialized
elements
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P1
Component: phobos
Assignee: [email protected]
Reporter: [email protected]
The TimSort implementation creates a temporary uninitialized array for copying
ranges of elements to. While this works fine for POD values, element types with
an elaborate destructor/postblit/copy constructor will be invoked with
uninitialized data, possibly leading to crashes or data corruption.
Test case:
---
import std.algorithm;
struct S {
int i = 42;
~this() { assert(i == 42); }
}
void main()
{
auto array = new S[](400);
array.sort!((a, b) => false, SwapStrategy.stable);
}
---
--
