https://issues.dlang.org/show_bug.cgi?id=17507

          Issue ID: 17507
           Summary: Associative Array range operations should be marked @safe
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: safe
          Severity: enhancement
          Priority: P1
         Component: druntime
          Assignee: nob...@puremagic.com
          Reporter: schvei...@yahoo.com

All the operations *can* be safe, but are not currently. All problems happen when the AA is rehashed.

For instance, if the AA is rehashed, the range may be referring to an empty bucket. In this case, the element is null. Fetching the key returns a null pointer (safe); fetching the value returns a null pointer + sizeof(key) (unsafe). We can fix this, and then mark the front call safe completely.

Note that the current front call is @trusted; that should be removed and the actual call into the runtime marked @safe.

Another issue: if the rehash shrinks the array, then the index could be out of bounds. Since druntime is compiled in release mode without bounds checks, the range could corrupt memory if used at that point. It would cost very little to check the index against the length of the array before returning.
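
The two checks proposed in the report (index against bucket-array length, and null entry before applying the value offset), as an added sketch in D. This is a simplified model written for this page, not druntime's code; Bucket, Impl, Range, currentEntry, frontKey, frontValue and the entry layout are all hypothetical.

```d
// Added illustration: a simplified model, not druntime's actual AA code.
// All type, field and function names here are hypothetical.
struct Bucket { void* entry; }                      // entry is null for an empty bucket
struct Impl   { Bucket[] buckets; size_t valoff; }  // valoff: offset of the value in an entry
struct Range  { Impl* impl; size_t idx; }

// Returns the entry under the range, or null when the range is stale:
// idx is past the (possibly shrunk) bucket array, or the bucket is empty.
private void* currentEntry(Range r) @safe
{
    if (r.impl is null || r.idx >= r.impl.buckets.length)
        return null;                 // explicit check, does not rely on bounds checking
    return r.impl.buckets[r.idx].entry;
}

void* frontKey(Range r) @safe
{
    return currentEntry(r);          // in this model the key sits at offset 0
}

void* frontValue(Range r) @safe
{
    auto e = currentEntry(r);
    if (e is null)
        return null;                 // never compute null + valoff
    // The pointer arithmetic is the only unsafe step; it runs on a non-null entry only.
    return (() @trusted => e + r.impl.valoff)();
}

void main()
{
    // Constructed sample: 4 buckets, one live entry laid out as [int key][int value].
    int[2] entry = [7, 42];
    auto impl = new Impl(new Bucket[4], int.sizeof);
    impl.buckets[3].entry = entry.ptr;
    auto r = Range(impl, 3);
    assert(*cast(int*) frontKey(r) == 7);
    assert(*cast(int*) frontValue(r) == 42);

    impl.buckets[3].entry = null;         // models a rehash that leaves this bucket empty
    assert(frontKey(r) is null);
    assert(frontValue(r) is null);        // null, not null + valoff

    impl.buckets = impl.buckets[0 .. 2];  // models a rehash that shrinks the array
    assert(frontKey(r) is null && frontValue(r) is null); // stale idx 3 is rejected
}
```

With both checks in place, a stale range yields null for key and value alike, so the remaining pointer arithmetic can be confined to one small @trusted expression.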