https://issues.dlang.org/show_bug.cgi?id=18691
Issue ID: 18691
Summary: assigning a std.regex.Captures with 3 or more groups causes double free
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: regression
Priority: P1
Component: phobos
Assignee: nob...@puremagic.com
Reporter: martin.do...@hitachivantara.com

This minimal test case crashes:

martind@swiftboat:~/tmp/D134366$ cat utilimal.d
import std.regex;
void main()
{
    auto rx = regex("()()()");
    auto ma = "".matchFirst(rx);
    ma = "".matchFirst(rx);
}
martind@swiftboat:~/tmp/D134366$ ~/download/d/dmd/generated/linux/release/64/dmd -g utilimal.d && valgrind ./utilimal
...
==655== Invalid free() / delete / delete[] / realloc()
==655==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==655==    by 0x4C1E26: _D3std5regex__T8CapturesTAyaZQo6__dtorMFNbNiNeZv (/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:565)
==655==    by 0x48A1CB: _Dmain (utilimal.d:5)
==655==    by 0x4C6F5F: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6ECE: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6D5A: _d_run_main (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C303D: main (in /home/martind/tmp/D134366/utilimal)
==655==  Address 0x5d2be50 is 0 bytes inside a block of size 64 free'd
==655==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==655==    by 0x4C1E26: _D3std5regex__T8CapturesTAyaZQo6__dtorMFNbNiNeZv (/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:565)
==655==    by 0x4C2D2F: _D3std5regex__T8CapturesTAyaZQo__T8opAssignZQkMFNbNiNeSQCbQCa__TQBxTQBrZQCfZQw (/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:685)
==655==    by 0x48A181: _Dmain (utilimal.d:6)
==655==    by 0x4C6F5F: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6ECE: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C6D5A: _d_run_main (in /home/martind/tmp/D134366/utilimal)
==655==    by 0x4C303D: main (in /home/martind/tmp/D134366/utilimal)

My testing suggests that this is a regression in 2.079.0 over 2.078.3-0.

I might risk a guess that it's due to the addition of opAssign to the Captures struct in:
https://github.com/dlang/phobos/commit/59520969ef73eaf0691972ee00b389e5bbc4c8fb#diff-4715499b2ff2d74e4eb3c6f3909c611c
in an attempt by @MartinNowak to "fix Issue 18114 - regex performance regression".

Do we now have big_matches in two Captures objects referring to the same calloc/free memory but each with their own _refcount? Have we also leaked any old memory that (lhs) big_matches owned?

--
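
The two questions that close the report describe a general failure class, modelled here as an added C example that is not Phobos code and does not come from the reporter: a handle whose assignment copies the block pointer while each object keeps its own count, next to a version where the count is stored in the shared block. Handle, Payload, the tracking allocator and run() are constructed for illustration, and the model makes no claim about what package.d actually does.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the hypothesis in the report; none of this is Phobos code. */
typedef struct { size_t refs; int groups[6]; } Payload;    /* shared heap block */
typedef struct { Payload *big; size_t own_refs; } Handle;  /* own_refs: per-object count */
typedef struct { int double_frees, leaked; } Result;

/* Tracking allocator: a "freed" block is only quarantined, so a second free
   is counted instead of corrupting the heap. */
static struct { void *p; int freed; } blk[8];
static int nblk, double_frees;

static void *t_alloc(size_t n) {
    void *p = calloc(1, n);
    if (!p) abort();
    blk[nblk].p = p; blk[nblk++].freed = 0;
    return p;
}
static void t_free(void *p) {
    for (int i = 0; i < nblk; i++)
        if (blk[i].p == p) { if (blk[i].freed++) double_frees++; return; }
}
static Handle make(void) {
    Handle h = { t_alloc(sizeof(Payload)), 1 };
    h.big->refs = 1;
    return h;
}
/* Buggy: the pointer is copied, but each handle still counts to 1 on its own. */
static void assign_buggy(Handle *dst, const Handle *src) { dst->big = src->big; }
static void release_buggy(Handle *h) { if (--h->own_refs == 0) t_free(h->big); }
/* Fixed: the count lives in the block; retain the new block, release the old. */
static void release_fixed(Handle *h) { if (--h->big->refs == 0) t_free(h->big); }
static void assign_fixed(Handle *dst, const Handle *src) {
    src->big->refs++;              /* retain first, so self-assignment is safe */
    release_fixed(dst);
    dst->big = src->big;
}
/* Same shape as the test case: ma holds a match, a temporary is assigned to it,
   then the temporary and ma are both destroyed. */
Result run(int fixed) {
    nblk = double_frees = 0;
    Handle ma = make(), tmp = make();
    if (fixed) { assign_fixed(&ma, &tmp); release_fixed(&tmp); release_fixed(&ma); }
    else       { assign_buggy(&ma, &tmp); release_buggy(&tmp); release_buggy(&ma); }
    Result r = { double_frees, 0 };
    for (int i = 0; i < nblk; i++) { r.leaked += !blk[i].freed; free(blk[i].p); }
    return r;
}
int main(void) {
    Result bad = run(0), good = run(1);
    printf("buggy: %d double free, %d leaked\n", bad.double_frees, bad.leaked);
    printf("fixed: %d double free, %d leaked\n", good.double_frees, good.leaked);
    return 0;
}
```

In the buggy path the block that ma owned before the assignment is never released, which is the leak the second question asks about.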