Skip to content

builtin: guard array push len panics#27335

Merged
medvednikov merged 2 commits into
masterfrom
codex/fix-array-push-no-bounds-checking
Jun 3, 2026
Merged

builtin: guard array push len panics#27335
medvednikov merged 2 commits into
masterfrom
codex/fix-array-push-no-bounds-checking

Conversation

@medvednikov
Copy link
Copy Markdown
Member

@medvednikov medvednikov commented Jun 3, 2026
edited
Loading

Fixes #27334.

What changed

  • Guard the array.push and array.push_noscan negative-length sanity checks with $if !no_bounds_checking.
  • Keep the max_int length guards unconditional so required := a.len + 1 cannot overflow when bounds checking is disabled.
  • Add a C-output regression that verifies -prod -no-bounds-checking generated C omits the negative-length panic paths while retaining the max-length overflow guards for both regular and noscan array pushes.

Why

The negative-length checks are bounds-checking sanity paths and can be compiled out consistently with existing array access checks. The max_int checks are capacity-overflow guards, so they remain active even with -no-bounds-checking.

Validation

  • ./v -g -keepc -o ./vnew cmd/v
  • ./vnew test vlib/builtin/array_test.v
  • ./vnew -silent vlib/v/gen/c/coutput_test.v

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d9951abbb1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread vlib/builtin/array.v
}
if a.len >= max_int {
panic('array.push: len bigger than max_int')
$if !no_bounds_checking {
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep the max_int push guard enabled

When compiling with -no-bounds-checking and appending to an array whose len is already max_int (for example a very large byte array or one constructed through unsafe/C interop), this wrapper removes the only guard before required := a.len + 1; that addition then overflows before the capacity check and the subsequent write uses the old max_int offset, causing UB/memory corruption instead of the previous panic. -no-bounds-checking disables index checks, but other capacity-overflow guards such as push_many/insert_many remain unconditional, so the max length guard should stay outside the $if (or be replaced with an overflow-safe computation); the same applies to push_noscan.

Useful? React with 👍 / 👎.

@medvednikov medvednikov merged commit 74578fc into master Jun 3, 2026
72 of 92 checks passed
@medvednikov medvednikov deleted the codex/fix-array-push-no-bounds-checking branch June 3, 2026 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

builtin: array.push has 2 unconditional dead branches

1 participant

@medvednikov