fix some unsafe behavior in std.format#4427
Conversation
std/format.d
Outdated
| * the difference between the starts of the arrays | ||
| */ | ||
| @trusted private pure nothrow @nogc | ||
| size_t arrayPtrDiff(const void[] array1, const void[] array2) |
There was a problem hiding this comment.
Shouldn't this return ptrdiff_t or at least assert that array1.ptr >= array2.ptr?
|
What is made safe by this and where is the @safe unittest that shows that. |
|
@burner Walter is fixing various safety related bugs. In this case, the next version of dmd will disallow accessing See also dlang/dmd#5860 |
|
@ZombineDev thanks. @WalterBright I would have liked this link to the dmd PR in the original PR description. Figuring out what the purpose of this PR is would have been easier this way. |
WalterBright
force-pushed
the
formatPtrDiff
branch
from
814af1e to
2be0355
Compare
|
LGTM |
| enforceFmt(tmp.length, | ||
| text("Incorrect format specifier %", trailing[i .. $])); | ||
| i = tmp.ptr - trailing.ptr; | ||
| i = arrayPtrDiff(tmp, trailing); |
There was a problem hiding this comment.
Alternatively, we could use a more general ptrValue safe function:
i = tmp.ptrValue - trailing.ptrValue;
See dlang/druntime#1590 (comment)
There was a problem hiding this comment.
@ntrel see new PR I added to try and make a nice wrapper for this: dlang/druntime#1592
|
Auto-merge toggled on |
|
This pull request introduced a regression: |
- fix incorrect pointer diff computation introduced by PR dlang#4427 commit 2be0355
- fix incorrect pointer diff computation introduced by PR dlang#4427 commit 2be0355
6 participants
No description provided.