[Issue 6874] heap corruption caused by std.array.insertInPlaceImpl or gc.gcx

2012-01-18 Thread d-bugmail
http://d.puremagic.com/issues/show_bug.cgi?id=6874


Nils mailm...@nilsb.dyndns.org changed:

   What       |Removed |Added
   Status     |NEW     |RESOLVED
   Resolution |        |FIXED


--- Comment #2 from Nils mailm...@nilsb.dyndns.org 2012-01-18 18:27:00 PST ---
https://github.com/D-Programming-Language/phobos/commit/ae112b9dea12afa7bcba4c118f675ed8e8ff5ca2

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
--- You are receiving this mail because: ---


[Issue 6874] heap corruption caused by std.array.insertInPlaceImpl or gc.gcx

2011-11-02 Thread d-bugmail
http://d.puremagic.com/issues/show_bug.cgi?id=6874



--- Comment #1 from Nils mailm...@nilsb.dyndns.org 2011-11-02 21:16:44 PDT ---
What happens is this: b.insertInPlaceImpl(...) does 
realloc(b.ptr, newLength * b[0].sizeof), assuming that realloc will allocate
enough space to safely write newLength values from b.ptr on.
But realloc does not guarantee that as it compares the requested size with
the result of gcx.findSize(b.ptr) to determine if it needs to allocate,
and gcx.findSize returns the size of the full block the pointer is in,
not of the space behind it. And b = [1 .. $]; moves b.ptr into the allocated
block.

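The failure mode Nils describes above, as an added example in C that is not Phobos or druntime code: a constructed toy heap (one arena, a bump allocator, a block table standing in for what gcx knows) with a `find_size_full` that returns the size of the whole block a pointer lies in, next to a `find_size_from` that returns only the bytes left between the pointer and the block end. `realloc_naive` decides "already big enough" from the full block size and so hands an interior pointer back unchanged; `realloc_fixed` decides from the remaining space. `insert_scenario` replays the reported pattern (allocate, slice the front off so the pointer moves into the block, realloc to a new length) and reports whether the caller's subsequent write would stay inside its block. All names and sizes are assumptions for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a GC heap: a single arena carved into blocks by a bump
 * allocator, plus a table recording each block's start and full size. Only
 * pointers obtained from heap_alloc (or offsets into them) are ever passed in. */
#define ARENA_SIZE 4096
#define MAX_BLOCKS 16

typedef struct { size_t start; size_t size; } Block;

static unsigned char arena[ARENA_SIZE];
static Block blocks[MAX_BLOCKS];
static size_t nblocks, bump;

void heap_reset(void) { nblocks = 0; bump = 0; }

void *heap_alloc(size_t n) {
    if (nblocks == MAX_BLOCKS || bump + n > ARENA_SIZE) return NULL;
    blocks[nblocks].start = bump;
    blocks[nblocks].size = n;
    nblocks++;
    bump += n;
    return arena + blocks[nblocks - 1].start;
}

/* Index of the block containing p (p may point into its interior), or -1. */
static int block_of(const void *p) {
    size_t off = (size_t)((const unsigned char *)p - arena);
    for (size_t i = 0; i < nblocks; i++)
        if (off >= blocks[i].start && off < blocks[i].start + blocks[i].size)
            return (int)i;
    return -1;
}

/* What the comment says findSize does: the size of the whole block p is in. */
size_t find_size_full(const void *p) {
    int i = block_of(p);
    return i < 0 ? 0 : blocks[i].size;
}

/* What a realloc that accepts interior pointers must use instead:
 * the bytes from p up to the end of its block. */
size_t find_size_from(const void *p) {
    int i = block_of(p);
    if (i < 0) return 0;
    size_t off = (size_t)((const unsigned char *)p - arena);
    return blocks[i].start + blocks[i].size - off;
}

/* Buggy version: judges "big enough" by the full block size, so an interior
 * pointer is returned unchanged even when the tail behind it is too short. */
void *realloc_naive(void *p, size_t n) {
    if (find_size_full(p) >= n) return p;
    void *q = heap_alloc(n);
    if (q) memcpy(q, p, find_size_from(p));
    return q;
}

/* Corrected version: judges by the space actually available from p. */
void *realloc_fixed(void *p, size_t n) {
    size_t avail = find_size_from(p);
    if (avail >= n) return p;
    void *q = heap_alloc(n);
    if (q) memcpy(q, p, avail);
    return q;
}

/* Does a write of n bytes starting at p stay inside p's block? */
bool write_fits(const void *p, size_t n) {
    return p != NULL && find_size_from(p) >= n;
}

/* Replay the reported pattern with assumed sizes: a 16-element array of
 * 4-byte values, the first 4 elements sliced off (moving the pointer 16 bytes
 * into the 64-byte block), then a realloc to 14 elements (56 bytes). */
bool insert_scenario(bool use_fixed) {
    heap_reset();
    enum { ELEM = 4, LEN = 16, NEW_LEN = 14, DROP = 4 };
    unsigned char *b = heap_alloc(LEN * ELEM);           /* 64-byte block */
    if (!b) return false;
    b += DROP * ELEM;                                     /* 48 bytes remain behind b */
    void *r = use_fixed ? realloc_fixed(b, NEW_LEN * ELEM)
                        : realloc_naive(b, NEW_LEN * ELEM);
    return write_fits(r, NEW_LEN * ELEM);                 /* caller writes 56 bytes */
}

int main(void) {
    printf("naive realloc: write in bounds = %s\n", insert_scenario(false) ? "yes" : "no");
    printf("fixed realloc: write in bounds = %s\n", insert_scenario(true) ? "yes" : "no");
    return 0;
}
```

The naive path returns the sliced pointer because the block is 64 bytes and 56 were requested, yet only 48 bytes lie behind the pointer, so the caller's write runs 8 bytes past the block: that is the corruption the report describes. The fixed path sees 48 available, allocates a fresh 56-byte block and copies the 48 live bytes across.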