On Saturday, 11 March 2017 at 14:39:54 UTC, Stefan Koch wrote:
[ ... Slice Support ... ]

Hi Guys,
Since slice support required an ABI, there were a few bugs.
Interestingly, those bugs were there for a very long time :)
The type handling I chose uses an index into a specific type array to represent types.
When this index is 0 we consider the type invalid.
However, I had an off-by-one bug in the check, causing the first TypeInstance of static arrays to be considered invalid.
As an invalid type, the array has size 0.
Which in turn causes the allocation for that array to allocate zero bytes for it. This zero allocation returns a valid pointer to the current top of the heap
(just without reserving any memory).
Then, when we slice the array, the slice-descriptor has to go onto the heap. And it overwrites the array-descriptor, which was allocated with zero size, causing it to point to a bogus address which is equivalent to the array length.

My Sunday was ruined before it began :)

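The failure sequence described in the post, as a constructed model added here (not newCTFE code, and in C rather than D): a bump-pointer heap whose zero-byte allocation returns the current top without reserving anything, a type table with index 0 reserved as "invalid", and a validity check with the off-by-one that also rejects index 1. The heap layout, the type table contents and the descriptor field order are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug described above; not the newCTFE code.
   Heap addresses are offsets into a byte array, types are referred to by
   index into a type table, and index 0 means "invalid". */

#define HEAP_SIZE 256
static uint8_t heap[HEAP_SIZE];
static size_t heap_top;

static void heap_reset(void) { heap_top = 0; memset(heap, 0, sizeof heap); }

/* Bump allocation. A zero-byte request returns the current top without
   advancing it, so the next allocation starts at exactly the same address. */
static uint32_t heap_alloc(size_t nbytes) {
    uint32_t addr = (uint32_t)heap_top;
    heap_top += nbytes;
    return addr;
}

/* Type table (assumed contents): slot 0 is reserved for "invalid";
   slot 1 is the first real static-array type. */
typedef struct { const char *name; uint32_t elem_size; uint32_t length; } TypeInfo;
static const TypeInfo type_table[] = {
    { "invalid", 0, 0 },
    { "int[4]",  4, 4 },
    { "int[8]",  4, 8 },
};

/* On-heap layouts assumed by this model: an array is a header followed by
   its elements; a slice is a (length, pointer) pair. Both headers are the
   same width, and the slice's length lands where the array's data pointer is. */
typedef struct { uint32_t data_ptr; uint32_t length; } ArrayDesc;
typedef struct { uint32_t length; uint32_t data_ptr; } SliceDesc;

/* Validity check. `buggy` reproduces the off-by-one from the post: it rejects
   index 1 (the first real type) together with the reserved index 0. */
static int type_is_valid(uint32_t idx, int buggy) {
    return buggy ? idx > 1 : idx != 0;
}

/* Bytes needed to store an array of type `idx`: header plus elements, or 0
   for an invalid type, which is what produces the zero-byte allocation. */
static size_t array_object_size(uint32_t idx, int buggy) {
    if (!type_is_valid(idx, buggy)) return 0;
    return sizeof(ArrayDesc) + (size_t)type_table[idx].elem_size * type_table[idx].length;
}

/* Allocate an array of type `idx` and write its header at the start of the
   block. Returns the address of the header. */
static uint32_t alloc_array(uint32_t idx, int buggy) {
    uint32_t addr = heap_alloc(array_object_size(idx, buggy));
    ArrayDesc d = { addr + (uint32_t)sizeof(ArrayDesc), type_table[idx].length };
    memcpy(heap + addr, &d, sizeof d);
    return addr;
}

/* Slice the whole array: the slice descriptor goes onto the heap. With the
   zero-byte array allocation it is placed right over the array header. */
static uint32_t alloc_slice(uint32_t array_addr) {
    ArrayDesc a;
    memcpy(&a, heap + array_addr, sizeof a);
    uint32_t addr = heap_alloc(sizeof(SliceDesc));
    SliceDesc s = { a.length, a.data_ptr };
    memcpy(heap + addr, &s, sizeof s);
    return addr;
}

/* Run the scenario and return the array's data pointer after slicing. With
   the bug it comes back equal to the array length; without it, unchanged. */
static uint32_t data_ptr_after_slice(int buggy) {
    heap_reset();
    uint32_t arr = alloc_array(1, buggy);      /* int[4], the first real type */
    alloc_slice(arr);
    ArrayDesc a;
    memcpy(&a, heap + arr, sizeof a);
    return a.data_ptr;
}

/* 1 when the array header was overwritten so that data_ptr == length. */
static int descriptor_clobbered(int buggy) {
    return data_ptr_after_slice(buggy) == type_table[1].length;
}

int main(void) {
    printf("buggy check: data_ptr=%u (length is %u) clobbered=%d\n",
           data_ptr_after_slice(1), type_table[1].length, descriptor_clobbered(1));
    printf("fixed check: data_ptr=%u clobbered=%d\n",
           data_ptr_after_slice(0), descriptor_clobbered(0));
    return 0;
}
```

With the off-by-one check the array object is sized at 0 bytes, so the array header and the slice descriptor both land at address 0 and the array's data pointer reads back as 4, its own length. With the corrected check the array takes 24 bytes, the slice descriptor is placed after it, and the data pointer stays at 8. A cheap guard for this class of bug in a bump allocator is to refuse or flag zero-byte requests, since a "valid" address that reserves nothing is exactly what lets a later allocation alias it.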