
use after free in Value.toIpString #19485

@Techatrix

Description


Zig Version

0.12.0-dev.3497+fb9673f20

Steps to Reproduce and Observed Behavior

Run zig build-exe file.zig on the following file (the output further down was captured with the file saved as sample.zig):

const std = @import("std");

/// Input struct for the reproduction. Its single field stands in for a field
/// whose name is, per the note below, about 50000 characters long in the real
/// test file; the name shown here is an abbreviated placeholder.
const Config = struct {
    /// IMPORTANT
    /// IMPORTANT the field name length is actually much longer. About 50000 characters. Enough to force any buffer to resize on append
    /// IMPORTANT
    very_long_field_very_long_field_very_long_field: bool = true, 
};

/// Comptime-generated counterpart of `Config`, produced by `getConfigurationType()`.
const OptionalConfig = getConfigurationType();

/// Returns a struct type that is the same as `Config` except that every field
/// is optional and defaults to `null`. Field names are copied unchanged.
///
/// NOTE(review): the Valgrind trace in this report shows the byte list that is
/// later freed being allocated under `Sema.zirTypeInfo` -> `InternPool.get`,
/// i.e. while the compiler evaluates a `@typeInfo` call; the trace does not say
/// which of the `@typeInfo` calls in this file that was.
fn getConfigurationType() type {
    // Reify `Config` so its field list can be edited at comptime.
    var config_info: std.builtin.Type = @typeInfo(Config);
    // One output slot per field of `Config`.
    var fields: [config_info.Struct.fields.len]std.builtin.Type.StructField = undefined;
    for (config_info.Struct.fields, &fields) |field, *new_field| {
        // Start from the original field description, then patch type and default.
        new_field.* = field;
        // Wrap non-optional field types in an optional; optional ones stay as they are.
        if (@typeInfo(field.type) != .Optional) {
            new_field.type = @Type(std.builtin.Type{
                .Optional = .{ .child = field.type },
            });
        }
        // Every field of the generated struct defaults to null.
        new_field.default_value = &@as(new_field.type, null);
    }
    config_info.Struct.fields = fields[0..];
    // Declarations are not carried over; only the fields are.
    config_info.Struct.decls = &.{};
    return @Type(config_info);
}

/// Copies every field of `new_config` into a fresh `OptionalConfig` and
/// forwards the result to `updateConfiguration`.
pub fn updateConfiguration2(config: *Config, new_config: Config) error{OutOfMemory}!void {
    // All fields start out as null (the generated struct's default).
    var optional_config: OptionalConfig = .{};
    // Unrolled at comptime: one `@field` access by name per field of `Config`.
    inline for (std.meta.fields(Config)) |field| {
        @field(optional_config, field.name) = @field(new_config, field.name);
    }
    try updateConfiguration(config, optional_config);
}

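/// Builds a local `OptionalConfig` in which each field takes the value from
/// `new_config` when that value is non-null and the current value from `config`
/// otherwise. The result is not stored anywhere in this reproduction.
pub fn updateConfiguration(config: *Config, new_config: OptionalConfig) error{OutOfMemory}!void {
    var copy: OptionalConfig = .{};
    inline for (std.meta.fields(Config)) |field| {
        // The compile error quoted in this report points at `field.name` in
        // this statement. The Valgrind trace shows the invalid reads happening
        // while the compiler interns a field name for a named field access
        // (`Sema.zirFieldPtrNamed` -> `Value.toIpString` ->
        // `InternPool.getOrPutString`): the source bytes lie in a block that the
        // preceding `ensureUnusedCapacity` call in `getOrPutString` had freed.
        @field(copy, field.name) = if (@field(new_config, field.name)) |new_value| new_value else @field(config, field.name);
    }
    // Takes the address of `copy` and discards it; presumably this keeps the
    // compiler from rejecting the otherwise unread local.
    _ = &copy;
}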

/// Entry point of the reproduction. The failure described in this report occurs
/// while compiling (`zig build-exe`), so this only needs to reference
/// `updateConfiguration2` for it to be analyzed.
pub fn main() !void {
    // `undefined` is passed for the `*Config` pointer and `.{}` yields a
    // `Config` with its default field values.
    _ = try updateConfiguration2(undefined, .{});
}

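A release build segfaults, while a debug build gives the following nonsensical error. The garbage field name in the message is consistent with the name's bytes being read from memory that had already been freed (see the Valgrind output below). The line numbers in the error refer to the reporter's original file and do not match the listing above line for line.
I have truncated the run of � characters in the output.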

sample.zig:38:27: error: no field named '�������������������������������������������������������������������������������������������������������������������������������������������������������' in struct 'sample.getConfigurationType()'
        @field(copy, field.name) = if (@field(new_config, field.name)) |new_value| new_value else @field(config, field.name);
                     ~~~~~^~~~~
sample.zig:24:12: note: struct declared here
    return @Type(config_info);
           ^~~~~~~~~~~~~~~~~~
referenced by:
    updateConfiguration2: sample.zig:32:9
    main: sample.zig:44:13
    remaining reference traces hidden; use '-freference-trace' to see all reference traces
Valgrind Output
==2520642== Memcheck, a memory error detector
==2520642== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==2520642== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==2520642== Command: /home/techatrix/repos/zig/build/stage4/bin/zig build-exe sample.zig
==2520642== 
==2520642== Thread 2:
==2520642== Syscall param writev(vector[2]) points to uninitialised byte(s)
==2520642==    at 0x1173B44D: writev (in /nix/store/1zy01hjzwvvia6h9dq5xar88v77fgh9x-glibc-2.38-44/lib/libc.so.6)
==2520642==    by 0x1D18BE3: posix.writev (posix.zig:1290)
==2520642==    by 0x1A4CAB7: fs.File.writev (File.zig:1279)
==2520642==    by 0x18782D0: fs.File.writevAll (File.zig:1304)
==2520642==    by 0x202B360: Module.astGenFile (Module.zig:2362)
==2520642==    by 0x1D2431E: Compilation.workerAstGenFile (Compilation.zig:3973)
==2520642==    by 0x202BEA6: Thread.Pool.spawn__anon_79150.Closure.runFn (Pool.zig:93)
==2520642==    by 0x1FE0657: Thread.Pool.worker (Pool.zig:132)
==2520642==    by 0x1CD878A: Thread.callFn__anon_70463 (Thread.zig:408)
==2520642==    by 0x1A09A52: Thread.PosixThreadImpl.spawn__anon_58121.Instance.entryFn (Thread.zig:674)
==2520642==    by 0x116B90E3: start_thread (in /nix/store/1zy01hjzwvvia6h9dq5xar88v77fgh9x-glibc-2.38-44/lib/libc.so.6)
==2520642==    by 0x1173B5E3: clone (in /nix/store/1zy01hjzwvvia6h9dq5xar88v77fgh9x-glibc-2.38-44/lib/libc.so.6)
==2520642==  Address 0x11d00974 is 884 bytes inside a block of size 2,432 alloc'd
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x1C7564A: mem.Allocator.allocWithSizeAndAlignment__anon_69453 (Allocator.zig:211)
==2520642==    by 0x19BEC18: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19BEC18: mem.Allocator.alloc__anon_54507 (Allocator.zig:129)
==2520642==    by 0x202AD6C: Module.astGenFile (Module.zig:2312)
==2520642==    by 0x1D2431E: Compilation.workerAstGenFile (Compilation.zig:3973)
==2520642==    by 0x202BEA6: Thread.Pool.spawn__anon_79150.Closure.runFn (Pool.zig:93)
==2520642==    by 0x1FE0657: Thread.Pool.worker (Pool.zig:132)
==2520642==    by 0x1CD878A: Thread.callFn__anon_70463 (Thread.zig:408)
==2520642==    by 0x1A09A52: Thread.PosixThreadImpl.spawn__anon_58121.Instance.entryFn (Thread.zig:674)
==2520642==    by 0x116B90E3: start_thread (in /nix/store/1zy01hjzwvvia6h9dq5xar88v77fgh9x-glibc-2.38-44/lib/libc.so.6)
==2520642== 
Semantic Analysis [964] ==2520642== Thread 1:
==2520642== Invalid read of size 1
==2520642==    at 0x42FB80C: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5ea3 is 31,827 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 32
==2520642==    at 0x42FB850: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5ea4 is 31,828 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 32
==2520642==    at 0x42FB856: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5ec4 is 31,860 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 32
==2520642==    at 0x42FB85C: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5ee4 is 31,892 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 32
==2520642==    at 0x42FB862: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5f04 is 31,924 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 32
==2520642==    at 0x42FB887: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7a5fa4 is 32,084 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 16
==2520642==    at 0x42FB8B0: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7b28a4 is 83,540 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 16
==2520642==    at 0x42FB8C3: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7b28c4 is 83,572 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 1
==2520642==    at 0x42FB8E0: memcpy (memcpy.zig:19)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7b2914 is 83,652 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 
==2520642== Invalid read of size 1
==2520642==    at 0x42FB8F1: memcpy (memcpy.zig:21)
==2520642==    by 0x183C962: array_list.ArrayListAlignedUnmanaged(u8,null).appendSliceAssumeCapacity (array_list.zig:900)
==2520642==    by 0x1822A39: InternPool.getOrPutString (InternPool.zig:8443)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==    by 0x1D80897: Sema.analyzeInlineBody (Sema.zig:911)
==2520642==    by 0x205D35C: Sema.analyzeBodyInner (Sema.zig:1736)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==    by 0x205C04E: Sema.analyzeBodyInner (Sema.zig:1626)
==2520642==  Address 0x1d7b2916 is 83,654 bytes inside a block of size 177,497 free'd
==2520642==    at 0x4D519E4: free (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6D67: heap.rawCFree (heap.zig:220)
==2520642==    by 0x17DB653: rawFree (Allocator.zig:98)
==2520642==    by 0x17DB653: mem.Allocator.free__anon_6345 (Allocator.zig:314)
==2520642==    by 0x1D08720: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1083)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x18229C7: InternPool.getOrPutString (InternPool.zig:8442)
==2520642==    by 0x2F159FF: Value.toIpString (Value.zig:56)
==2520642==    by 0x29EDBCA: Sema.sliceToIpString (Sema.zig:39129)
==2520642==    by 0x29ED9BA: Sema.resolveConstStringIntern (Sema.zig:1900)
==2520642==    by 0x253F405: Sema.zirFieldPtrNamed (Sema.zig:10287)
==2520642==    by 0x205180C: Sema.analyzeBodyInner (Sema.zig:1044)
==2520642==  Block was alloc'd at
==2520642==    at 0x4D4E76B: malloc (in /nix/store/4yj7p7b95fjbr9dp6cnnqdnq476622w1-valgrind-3.22.0/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2520642==    by 0x17F6CB2: heap.rawCAlloc (heap.zig:188)
==2520642==    by 0x1C77C5C: rawAlloc (Allocator.zig:86)
==2520642==    by 0x1C77C5C: mem.Allocator.allocBytesWithAlignment__anon_69467 (Allocator.zig:225)
==2520642==    by 0x19C37DA: mem.Allocator.allocWithSizeAndAlignment__anon_54623 (Allocator.zig:211)
==2520642==    by 0x19D8C88: allocAdvancedWithRetAddr (Allocator.zig:205)
==2520642==    by 0x19D8C88: mem.Allocator.alignedAlloc__anon_57020 (Allocator.zig:193)
==2520642==    by 0x1D08548: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacityPrecise (array_list.zig:1081)
==2520642==    by 0x1A2F9B5: array_list.ArrayListAlignedUnmanaged(u8,null).ensureTotalCapacity (array_list.zig:1058)
==2520642==    by 0x183C77F: array_list.ArrayListAlignedUnmanaged(u8,null).ensureUnusedCapacity (array_list.zig:1096)
==2520642==    by 0x182A0E9: InternPool.get (InternPool.zig:5710)
==2520642==    by 0x18BA5D9: Module.intern (Module.zig:5533)
==2520642==    by 0x2565957: Sema.zirTypeInfo (Sema.zig:18470)
==2520642==    by 0x205300F: Sema.analyzeBodyInner (Sema.zig:1083)
==2520642== 

I reduced this from a failure while compiling ZLS at commit e56f307f7dced13e340b141e4aa9322b74e7e826 with `zig build -Dtarget=x86-linux -Doptimize=ReleaseSafe` (it did not reproduce with any other flags).

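As far as I can tell, the issue is in the `toIpString` function, which calls `InternPool.getOrPutString` on data that aliases the InternPool's own string bytes. If the ArrayList has to reallocate to make room for the append, the source slice is left pointing into the old buffer, and the copy that follows reads from freed memory: a use after free. The Valgrind output above matches this: the block is freed under `ensureUnusedCapacity` (InternPool.zig:8442) and then read by the `memcpy` under `appendSliceAssumeCapacity` (InternPool.zig:8443), both called from `getOrPutString`.
Why this doesn't reproduce with a compiler before #19414 is beyond me.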

Expected Behavior

no crash please 😭


    Labels

    bug (observed behavior contradicts documented or intended behavior); frontend (tokenization, parsing, AstGen, Sema, and Liveness); regression (it worked in a previous version of Zig, but stopped working)
