[Issue 17251] Appender.put errors out with const input range elements
https://issues.dlang.org/show_bug.cgi?id=17251 --- Comment #1 from github-bugzi...@puremagic.com --- Commits pushed to master at https://github.com/dlang/phobos https://github.com/dlang/phobos/commit/c770fb481218e6eb2cd32363ce96de816dc6bdcf Fix issue 17251 - Appender.put doesn't accept const input range elements. The two overloads taking an element and a const range were conflicting because canPutConstRange is overlapping the definition of canPutItem. https://github.com/dlang/phobos/commit/23726d63308c97799c6b356be392b466804be1f5 Merge pull request #5264 from s-ludwig/master Fix issue 17251 - Appender.put doesn't accept const input range elements merged-on-behalf-of: H. S. Teoh--
[Issue 17284] Template function attribute inference wrongly infers @safe for accessing overlapping pointer fields in unions
https://issues.dlang.org/show_bug.cgi?id=17284 --- Comment #6 from ZombineDev--- > Looks like attribute inference is a free license to violate @safety. :-D Yeah with templates one enters 'god mode' in :D Though the situation isn't very clear-cut. Take this code for example: ``` struct S { int* ptr; } void func1()() { S s; s.ptr++; } pragma (msg, "typeof(!()): ", typeof(!())); class C { } union U { C c; int i; } void func2()() { U u; u.c = null; } pragma (msg, "typeof(!()): ", typeof(!())); int[] func3()() { int[5] sa; return sa; } pragma (msg, "typeof(!()): ", typeof(!())); int[] func4a(int[] a) @safe { return a; } int[] func4b()() { int[5] sa; return func4a(sa); } pragma (msg, "typeof(!()): ", typeof(!())); void main() {} ``` $ dmd safe_infer_test1.d typeof(!()): void function() pure nothrow @nogc @system typeof(!()): void function() pure nothrow @nogc @safe typeof(!()): safe_infer_test1.d(10): Error: escaping reference to local variable sa int[] function() pure nothrow @nogc @safe typeof(!()): int[] function() @safe So, depending on the code in question, sometimes inferences works correctly, and sometimes not. Also note that the attribute inference of func4b!() changes depending on if you compile with -dip1000 or not: $ dmd -dip1000 safe_infer_test1.d typeof(!()): void function() pure nothrow @nogc @system typeof(!()): void function() pure nothrow @nogc @safe typeof(!()): safe_infer_test1.d(10): Error: escaping reference to local variable sa int[] function() pure nothrow @nogc @safe typeof(!()): int[] function() @system --
[Issue 17286] New: A function for comparing two digests securely
https://issues.dlang.org/show_bug.cgi?id=17286 Issue ID: 17286 Summary: A function for comparing two digests securely Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P1 Component: phobos Assignee: nob...@puremagic.com Reporter: j...@jackstouffer.com Given two strings A and B, using std.algorithm.equal to compare them leaves your web application open to timing attacks because it has a short circuit, i.e. it returns false on the first inequality. The attack comes from allowing attacker to brute force you HMAC key. See this article for more information and why Java gets it wrong: https://codahale.com/a-lesson-in-timing-attacks/ The solution is to have a string comparison that will always be constant time given two strings of the same length. --
[Issue 17284] Template function attribute inference wrongly infers @safe for accessing overlapping pointer fields in unions
https://issues.dlang.org/show_bug.cgi?id=17284 --- Comment #5 from hst...@quickfur.ath.cx --- Oh my, it gets worse: ref has nothing to do with it at all! Look at this blatant violation of @safe: -- class C { } union U { C c; int i; } void func(T)(T t) { t.c = new C; t.i++; // !!! } pragma(msg, typeof(func!U)); -- Compiler output: -- pure nothrow @safe void(U t) -- Looks like attribute inference is a free license to violate @safety. :-D Or, more precisely, attribute inference completely forgets to check for overlapping pointers. --
[Issue 17284] Template function attribute inference wrongly infers @safe for accessing overlapping pointer fields in unions
https://issues.dlang.org/show_bug.cgi?id=17284 hst...@quickfur.ath.cx changed: What|Removed |Added Summary|ref returning function |Template function attribute |template allows bypassing |inference wrongly infers |@safe on unions |@safe for accessing ||overlapping pointer fields ||in unions --
[Issue 17284] ref returning function template allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 --- Comment #4 from hst...@quickfur.ath.cx --- Interesting. So it would appear that the problem is caused by attribute inference wrongly inferring @safe for a template function that returns an overlapping pointer field. I.e.: class C { } union U { C c; int i; } ref C func(T)(ref T t) { return t.c; } pragma(msg, typeof(func!U)); Compiler output: pure nothrow @nogc ref @safe C(return ref U t) The correct inferred type should be: pure nothrow @nogc ref @system C(return ref U t) --
[Issue 17284] ref returning function template allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 --- Comment #3 from ZombineDev--- So it seems that the bug has to do with the @safe-ty inference on template functions, since the code does not compile if the function template is explicitly marked with @safe. --
[Issue 17285] Segfault for invalid code (enum without value)
https://issues.dlang.org/show_bug.cgi?id=17285 David Nadlingerchanged: What|Removed |Added Keywords||ice, ice-on-invalid-code CC||c...@klickverbot.at --
[Issue 17284] ref returning function template allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 ZombineDevchanged: What|Removed |Added Summary|opDispatch allows bypassing |ref returning function |@safe on unions |template allows bypassing ||@safe on unions --- Comment #2 from ZombineDev --- I reduced it a bit further: Case 1: ``` class C { } union U { C c; int i; } ref C getC1(ref U u) { return u.c; } ref C getC2(T)(ref T u) { return u.c; } void main() @safe { U u; u.getC2() = new C; // compiles (!!!) } ``` Case 2: ``` class C { } union U { C c; int i; } ref C getC1(ref U u) { return u.c; } ref C getC2(T)(ref T u) { return u.c; } void main() @safe { U u; u.getC1() = new C; // (Line 12) Doesn't compile } ``` main.d(12): Error: @safe function 'D main' cannot call @system function 'main.getC1' Case 3: ``` class C { } union U { C c; int i; } @safe: ref C getC1(ref U u) { return u.c; } // (Line 9) ref C getC2(T)(ref T u) { return u.c; } void main() @safe { U u; u.getC1() = new C; } ``` main.d(9): Error: field U.c cannot access pointers in @safe code that overlap other fields Case 4: ``` class C { } union U { C c; int i; } @safe: ref C getC1(ref U u) { return u.c; } // (Line 9) ref C getC2(T)(ref T u) { return u.c; } // (Line 10) void main() @safe { U u; u.getC2() = new C;// (Line 14) } ``` main.d(9): Error: field U.c cannot access pointers in @safe code that overlap other fields main.d(10): Error: field U.c cannot access pointers in @safe code that overlap other fields main.d(14): Error: template instance main.getC2!(U) error instantiating --
[Issue 17285] New: Segfault for invalid code (enum without value)
https://issues.dlang.org/show_bug.cgi?id=17285 Issue ID: 17285 Summary: Segfault for invalid code (enum without value) Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: normal Priority: P1 Component: dmd Assignee: nob...@puremagic.com Reporter: ki...@gmx.net Crashes with DMD 2.073.2 (but at least prints an error message before that): enum SETTINGS_THEME_VARIANT_KEY; void foo() { foreach(key; [SETTINGS_THEME_VARIANT_KEY, 1]) {} } --
[Issue 17284] opDispatch allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 ZombineDevchanged: What|Removed |Added CC||petar.p.ki...@gmail.com Component|phobos |dmd Hardware|x86_64 |All Summary|std.experimental.typecons.F |opDispatch allows bypassing |inal allows bypassing @safe |@safe on unions |on unions | OS|Linux |All Severity|normal |major --- Comment #1 from ZombineDev --- The issue has little to do with std.experimental.typecons.Final. Final just uses std.typecons.Proxy. I added an assert(0) on line 5585 in std.typecons from dmd 2.073.2 and got this: $ ./main core.exception.AssertError@/home/zlx/dlang/dmd-2.073.2/linux/bin64/../../src/phobos/std/typecons.d(5585): Assertion failure ??:? _d_assert [0x4296e4] ??:? pure nothrow ref @property @nogc return @safe int std.experimental.typecons.Final!(main.U).Final.__mixin8.opDispatch!("i").opDispatch!(std.experimental.typecons.Final!(main.U).Final).opDispatch() [0x428684] ??:? _Dmain [0x42845b] ??:? _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv [0x429c9f] ??:? void rt.dmain2._d_run_main(int, char**, extern (C) int function(char[][])*).tryExec(scope void delegate()) [0x429bc7] ??:? void rt.dmain2._d_run_main(int, char**, extern (C) int function(char[][])*).runAll() [0x429c44] ??:? void rt.dmain2._d_run_main(int, char**, extern (C) int function(char[][])*).tryExec(scope void delegate()) [0x429bc7] ??:? _d_run_main [0x429b33] ??:? main [0x42871f] ??:? __libc_start_main [0x4b801f44] (dmd-2.073.2)/mnt/d/tmp_code/final_safe This issue can easily be reproduced with the following code: class C { } union U { C c; int i; } struct S(T) { private T value__; @property auto ref opDispatch(string name)() { return mixin("value__." ~ name); } } void main() @safe { S!U u; u.c = new C; // compiles (!!!) u.i++; // uh-oh } Therefore I'm changing the component to dmd. --
[Issue 17284] std.experimental.typecons.Final allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 hst...@quickfur.ath.cx changed: What|Removed |Added Keywords||safe Severity|enhancement |normal --
[Issue 17284] New: std.experimental.typecons.Final allows bypassing @safe on unions
https://issues.dlang.org/show_bug.cgi?id=17284 Issue ID: 17284 Summary: std.experimental.typecons.Final allows bypassing @safe on unions Product: D Version: D2 Hardware: x86_64 OS: Linux Status: NEW Severity: enhancement Priority: P1 Component: phobos Assignee: nob...@puremagic.com Reporter: hst...@quickfur.ath.cx Code: -- class C { } union U { C c; int i; } void main() @safe { U u1; u1.c = new C; // compile error (correct, this is unsafe) u1.i++; // (because you can do this) import std.experimental.typecons : Final; Final!U u2; u2.c = new C; // compiles (!!!) u2.i++; // uh-oh } -- Expected behaviour: Final!U should not allow user code to bypass compiler's @safety checks on assigning pointers to unions. Or, at the minimum, Final should not be usable with unions. (It is questionable, in fact, whether modifying members of a Final!U should even be allowed in the first place.) --
[Issue 17124] dmd segfaults on __traits(getMember, ...)
https://issues.dlang.org/show_bug.cgi?id=17124 Martin Krejcirikchanged: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #2 from Martin Krejcirik --- Can't reproduce it, either. Reopen, if new information. --
[Issue 17282] [REG 2.074.0-b1] std.conv.parse throws with -debug
https://issues.dlang.org/show_bug.cgi?id=17282 Jack Stoufferchanged: What|Removed |Added Summary|std.conv.parse throws with |[REG 2.074.0-b1] |-debug |std.conv.parse throws with ||-debug --
[Issue 17282] std.conv.parse throws with -debug
https://issues.dlang.org/show_bug.cgi?id=17282 Jack Stoufferchanged: What|Removed |Added CC||j...@jackstouffer.com --- Comment #1 from Jack Stouffer --- https://github.com/dlang/phobos/pull/5310 --
[Issue 16273] [REG 2.072a] dmd segfault with inheritance, templates, override
https://issues.dlang.org/show_bug.cgi?id=16273 Martin Krejcirikchanged: What|Removed |Added Hardware|x86_64 |All OS|Linux |All --
[Issue 17283] std.experimental.typecons uses private module members
https://issues.dlang.org/show_bug.cgi?id=17283 --- Comment #1 from RazvanN--- std.experimental.typecons uses private members from std.typecons. Although this should have resulted in a compiler error, it didn't due to a compiler bug. I discovered this while trying to fix the aforementioned compiler bug and now this is blocking [1] [1] https://github.com/dlang/dmd/pull/6660 --
[Issue 17283] New: std.experimental.typecons uses private module members
https://issues.dlang.org/show_bug.cgi?id=17283 Issue ID: 17283 Summary: std.experimental.typecons uses private module members Product: D Version: D2 Hardware: x86_64 OS: Linux Status: NEW Severity: normal Priority: P1 Component: phobos Assignee: nob...@puremagic.com Reporter: razvan.nitu1...@gmail.com std.experimental.typecons uses private module members. Although this should have resulted in a compiler error, it hasn't due to a compiler bug. I discovered this while trying to fix the initial bug and now this is blocking [1] [1] https://github.com/dlang/dmd/pull/6660 --