Skip to content

return break returns pointer/uninitialised data. #6675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
huonw opened this issue May 22, 2013 · 2 comments
Closed

return break returns pointer/uninitialised data. #6675

huonw opened this issue May 22, 2013 · 2 comments
Labels
A-codegen Area: Code generation

Comments

@huonw
Copy link
Member

huonw commented May 22, 2013 

pub fn p() -> uint { for 1.times { return break; } 0 }
pub fn p2() -> ~[u8] { for 1.times { return break; } ~[] }

pub fn ok() -> uint { for 1.times { return 123456789; } 0 }

fn main() {
    let y = p2(); // +
    println(fmt!("%?", p()));
    // *
    println(fmt!("%?", y));
}

Without optimisations:

140330640183752
/bin/bash: line 1: 30823 Segmentation fault      ./return-break

Or, if the let marked with + is moved to the *.

140236804280776
~[]
*** Error in `./return-break': free(): invalid pointer: 0x0000000000a02020 ***
[... snip ...]

With -O(the position of the let doesn't matter):

0
/bin/bash: line 1: 30884 Segmentation fault      ./return-break

Delving in to the unoptimised asm, the only difference between p and ok is:

; p
.LBB2_4:
    #APP
    # return break ; (return-break.rs:1:35: 1:48)
    #NO_APP
    movq    -24(%rbp), %rax
    movb    $1, (%rax)
    movb    $0, -1(%rbp) ; once, for `return`
    movb    $0, -1(%rbp) ; twice, for `break`
    jmp .LBB2_1

; ok
.LBB16_4:
    #APP
    # return 123456789; (return-break.rs:4:36: 4:52)
    #NO_APP
    movq    -24(%rbp), %rax
    movb    $1, (%rax)
    movb    $0, -1(%rbp)
    movq    -32(%rbp), %rcx
    movq    $123456789, (%rcx)
    jmp .LBB16_1

So it looks like the calling code assumes that (%rcx)/(-32(%rbp)) is filled as the return value, but it's not. Presumably return break should be a compile error (or be equivalent to break), as should more complicated code like

return match foo {
  Bar => break,
  Baz => 2
}

since it also has the same problem.
@Aatch
Copy link
Contributor

Aatch commented May 23, 2013

Nominating, not sure what it should be for. But this seems fairly significant, since it can come up in perfectly reasonable code.

@MarkJr94 MarkJr94 mentioned this issue Jul 11, 2013
Closed
@thestinger thestinger reopened this Aug 5, 2013
@thestinger
Copy link
Contributor

The retptr hscks used by the old for loop are now fully removed.

flip1995 pushed a commit to flip1995/rust that referenced this issue Mar 25, 2021
@bors
Auto merge of rust-lang#6928 - mgacek8:issue6675_or_fun_call_unsafe_b…
36aee1c 
…locks, r=phansch

or_fun_call: trigger on unsafe blocks

fixes rust-lang#6675
changelog: or_fun_call: trigger on unsafe blocks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-codegen Area: Code generation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Aatch @huonw @thestinger