D issues are now tracked on GitHub. This Bugzilla instance remains as a read-only archive.
Issue 22802 - [dip1000] First ref parameter seen as `return` destination even with `this`
Summary: [dip1000] First ref parameter seen as `return` destination even with `this`
Status: RESOLVED FIXED
Alias: None
Product: D
Classification: Unclassified
Component: dmd (show other issues)
Version: D2
Hardware: All All
: P1 normal
Assignee: No Owner
URL:
Keywords: pull, safe
Depends on:
Blocks:
 
Reported: 2022-02-21 16:20 UTC by Dennis
Modified: 2022-03-03 23:17 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Dennis 2022-02-21 16:20:33 UTC 
In escape.d, the `bool isFirstRef()` function incorrectly accepts the first ref parameter as a `return scope` destination, even when there is a `this` parameter that should be the only return destination. This allows you to escape a stack pointer:
```
@safe:
    
struct S
{
    int* ptr;
    void assign(ref int* refPtr, return scope int* z) scope
    {
        this.ptr = z; // allowed, first ref
        refPtr = z; // should not be allowed
    }
}

int* escape()
{
    int local;
    
    S escapeThis;
    int* escapeRef;
    
    escapeThis.assign(escapeRef, &local);

    return escapeRef; // Accepts invalid
    return escapeThis.ptr; // Error, correct
}
```
Comment 1 Dlang Bot 2022-03-03 10:02:50 UTC 
@dkorpel created dlang/dmd pull request #13748 "Fix issue 22802 - First ref parameter seen as `return` destination ev…" fixing this issue:

- Fix issue 22802 - First ref parameter seen as `return` destination even with `this`

https://github.com/dlang/dmd/pull/13748
Comment 2 Dlang Bot 2022-03-03 23:17:17 UTC 
dlang/dmd pull request #13748 "Fix issue 22802 - First ref parameter seen as `return` destination ev…" was merged into master:

- 8553e1e02da58e5f6d3c9818693b3af9d18e2b01 by Dennis Korpel:
  Fix issue 22802 - First ref parameter seen as `return` destination even with `this`

https://github.com/dlang/dmd/pull/13748