
Issue 9195 - Should not be able to index a pointer in safed #1482

Merged (1 commit)

4 participants

@yebblies
Collaborator

This prevents indexing a pointer in @safe code unless the index is known at compile time to be zero.

http://d.puremagic.com/issues/show_bug.cgi?id=9195
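An added example (not code from the pull request or the dmd repository) showing how code hit by this rule can be restructured: the unchecked pointer arithmetic moves into a @trusted helper that attaches the length the caller vouches for, and the @safe code indexes the resulting slice, which is bounds-checked at run time. The helper names `asSlice`, `readThird` and `first` are assumptions.

```d
// Added example; not part of the PR. Demonstrates the new rule from the
// caller's side: only a literal/folded 0 index on a pointer is @safe.
import core.stdc.stdlib : malloc, free;

// Rejected after this change: index 3 is not known to be 0 at compile time.
// @safe int readThirdUnsafe(int* p) { return p[3]; }

// Assumed helper: @trusted takes responsibility for the length, then hands
// @safe code a slice whose indexing is bounds-checked.
@trusted int[] asSlice(int* p, size_t len) { return p[0 .. len]; }

// Compiles in @safe: buf[3] throws a RangeError instead of reading out of bounds.
@safe int readThird(int[] buf) { return buf[3]; }

// Still compiles in @safe after this change: the index is the literal 0.
@safe int first(int* p) { return p[0]; }

void main()
{
    // Constructed sample buffer of four ints: 0, 10, 20, 30.
    auto raw = cast(int*) malloc(4 * int.sizeof);
    scope(exit) free(raw);
    foreach (i; 0 .. 4) raw[i] = i * 10;

    assert(readThird(asSlice(raw, 4)) == 30);
    assert(first(raw) == 0);
}
```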

@yebblies yebblies Fix Issue 9195 - Should not be able to index a pointer in safed
This prevents indexing a pointer in @safe code unless the index is known at compile time to be zero.
580eb16
@andralex
Owner

nice!

@WalterBright WalterBright merged commit e97e886 into D-Programming-Language:master
@yebblies
Collaborator

Should we also allow ptr+0 in @safe code?

@braddr
Owner

Ideally, any expression involving ptr that after const folding is still equal to ptr. But I don't expect there's a lot of those other than ptr[0]. ptr+0 might be next most likely, and ptr+var where var is known to be 0 a distant third, and ptr+expr where expr ctfe'ly evaluates to 0 an even more distant fourth?

@yebblies
Collaborator

I don't think I've ever seen *(ptr+0) in real code...

> and ptr+expr where expr ctfe'ly evaluates to 0 an even more distant fourth?

We can't evaluate expr using ctfe in most contexts.

We could allow *([1,2,3].ptr + 2) if we really wanted to, or even

uint x;
auto b = *((cast(ubyte*)&x)+3);

This could be done by calculating a 'safe offset' for each pointer expression and checking the range.

@andralex
Owner

Is this done after inlining? At that point there could be quite a few instances of p[0].

@yebblies
Collaborator

No, before inlining. If you do it after then some code will only compile with -inline.

Commits on Jan 14, 2013
  1. @yebblies (yebblies authored): Fix Issue 9195 - Should not be able to index a pointer in safed
     This prevents indexing a pointer in @safe code unless the index is known at compile time to be zero.
Showing with 21 additions and 1 deletion.
  1. +13 −0 src/expression.c
  2. +8 −1 test/runnable/testsafe.d
13 src/expression.c
@@ -10070,6 +10070,19 @@ Expression *IndexExp::semantic(Scope *sc)
switch (t1->ty)
{
case Tpointer:
+ e2 = e2->implicitCastTo(sc, Type::tsize_t);
+ e2 = e2->optimize(WANTvalue);
+ if (e2->op == TOKint64 && e2->toInteger() == 0)
+ ;
+ else if (sc->func->setUnsafe())
+ {
+ error("safe function '%s' cannot index pointer '%s'",
+ sc->func->toPrettyChars(), e1->toChars());
+ return new ErrorExp();
+ }
+ e->type = ((TypeNext *)t1)->next;
+ break;
+
case Tarray:
e2 = e2->implicitCastTo(sc, Type::tsize_t);
e->type = ((TypeNext *)t1)->next;
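Review bot: the new Tpointer branch calls `sc->func->setUnsafe()` without checking that `sc->func` is non-null, and nothing in the hunk guards the case where an IndexExp is analysed outside a function body (a module-scope or static initializer, for instance); the Tarray branch right below needs no such guard only because it never touches `sc->func`. Suggest `else if (sc->func && sc->func->setUnsafe())`, matching whatever guard the other @safe checks in this file use. Minor: the empty `;` then-branch reads awkwardly; folding the two conditions into one `if (!(e2->op == TOKint64 && e2->toInteger() == 0) && sc->func->setUnsafe())` would state directly that only an index folded to zero is exempt.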
9 test/runnable/testsafe.d
@@ -279,7 +279,14 @@ void voidinitializers()
static assert(!__traits(compiles, { int** a = void; } ));
static assert(!__traits(compiles, { int[int] a = void; } ));
}
-
+
+@safe
+void pointerindex()
+{//http://d.puremagic.com/issues/show_bug.cgi?id=9195
+ static assert(!__traits(compiles, { int* p; auto a = p[30]; }));
+ static assert( __traits(compiles, { int* p; auto a = p[0]; }));
+}
+
@safe
void basiccast()
{//http://d.puremagic.com/issues/show_bug.cgi?id=5088
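Review bot: the new `pointerindex` test pins only one literal index on each side of the rule (`p[30]` rejected, `p[0]` accepted). Since the check in expression.c runs after `optimize(WANTvalue)`, a folded constant such as `p[1-1]` (expected to compile) and an index held in a run-time variable (expected not to) would document the "known at compile time" part of the description rather than leaving it implied. The review thread also notes that `*(ptr+0)` stays rejected; a one-line comment in the test recording that scope would keep the two cases from being confused later.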