Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SR-11091] String append Segmentation fault after reserveCapacity with argument smaller than required for existing String #53483

Closed
bobergj opened this issue Jul 9, 2019 · 1 comment · Fixed by #65902, #65977 or #65988
Labels
bug A deviation from expected or documented behavior. Also: expected but undesirable behavior. crash Bug: A crash, i.e., an abnormal termination of software standard library Area: Standard library umbrella String Area → standard library: The `String` type swift 5.9

Comments

@bobergj
Copy link

bobergj commented Jul 9, 2019

Previous ID SR-11091
Radar None
Original Reporter @bobergj
Type Bug

Attachment: Download

Environment

Xcode Version 11.0 beta 4 (11M374r)

Apple Swift version 5.1 (swiftlang-1100.0.257.2 clang-1100.0.31.3)

macOS 10.14.5 (18F132)

Additional Detail from JIRA
Votes 0
Component/s Standard Library
Labels Bug, RunTimeCrash
Assignee None
Priority Medium

md5: 85de7713cc04dcda625434e59758a5c1

Issue Description:

How to reproduce, attached as StringReserveCapacityCrash.swift, not minimised:

var string: String = """
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

string.reserveCapacity(32)
string.append("a") 
swift --version
Apple Swift version 5.1 (swiftlang-1100.0.212.5 clang-1100.0.28.2)
Target: x86_64-apple-darwin18.6.0

swift StringReserveCapacityCrash.swift
Stack dump:
0.  Program arguments: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/swift -frontend -interpret StringReserveCapacityCrash.swift -enable-objc-interop -sdk /Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -color-diagnostics -module-name StringReserveCapacityCrash 
0  swift                    0x000000010abd9c83 PrintStackTraceSignalHandler(void*) + 51
1  swift                    0x000000010abd9456 SignalHandler(int) + 358
2  libsystem_platform.dylib 0x00007fff7bb2db5d _sigtramp + 29
3  libsystem_malloc.dylib   0x00007fff7baeecb7 tiny_malloc_from_free_list + 450
4  libswiftCore.dylib       0x00007fff7b227d9a $ss15__StringStorageCfD + 122
5  libswiftCore.dylib       0x00007fff7b35aa60 _swift_release_dealloc + 16
6  libswiftCore.dylib       0x00007fff7b21e80c $ss11_StringGutsV23prepareForAppendInPlace33_408A76AB043BD3EFBAB6FAAAAA9B4914LL14otherUTF8CountySi_tF + 956
7  libswiftCore.dylib       0x00007fff7b21e9cf $ss11_StringGutsV6appendyys01_aB5SliceVF + 239
8  libswiftCore.dylib       0x00007fff7b2be6ee $ss11_StringGutsV6appendyyABFTf4xn_n + 142
9  libswiftCore.dylib       0x00007fff7b2bf9d0 $sSS6appendyySSFTf4xn_n + 80
10 libswiftCore.dylib       0x00007fff7b213ab9 $sSS6appendyySSF + 9
11 libswiftCore.dylib       0x000000010d45a0ce $sSS6appendyySSF + 2451858974
12 swift                    0x00000001068552bd llvm::MCJIT::runFunction(llvm::Function*, llvm::ArrayRef<llvm::GenericValue>) + 365
13 swift                    0x000000010685c272 llvm::ExecutionEngine::runFunctionAsMain(llvm::Function*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, char const* const*) + 1090
14 swift                    0x00000001068300b9 performCompile(swift::CompilerInstance&, swift::CompilerInvocation&, llvm::ArrayRef<char const*>, int&, swift::FrontendObserver*, swift::UnifiedStatsReporter*) + 45977
15 swift                    0x0000000106821474 swift::performFrontend(llvm::ArrayRef<char const*>, char const*, void*, swift::FrontendObserver*) + 6868
16 swift                    0x00000001067affb3 main + 1219
17 libdyld.dylib            0x00007fff7b9423d5 start + 1
Segmentation fault: 11
@belkadan
Copy link
Contributor

belkadan commented Jul 9, 2019

cc @milseman

@swift-ci swift-ci transferred this issue from apple/swift-issues Apr 25, 2022
@AnthonyLatsis AnthonyLatsis added the crash Bug: A crash, i.e., an abnormal termination of software label Dec 12, 2022
natecook1000 added a commit to natecook1000/swift that referenced this issue May 13, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current capacity
for native strings or the UTF-8 count for non-native strings as the
minimum. At the same time, it removes a growth factor from that
calculation, as the appropriate growth is already being factored in
upstream at all call sites.

rdar://109275875
Fixes apple#53483.
natecook1000 added a commit to natecook1000/swift that referenced this issue May 13, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. At the same time, it removes a growth factor
from that calculation, as the appropriate growth is already being
factored in upstream at all call sites.

rdar://109275875
Fixes apple#53483
natecook1000 added a commit that referenced this issue May 17, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes #53483
natecook1000 added a commit to natecook1000/swift that referenced this issue May 17, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes apple#53483
@AnthonyLatsis AnthonyLatsis added String Area → standard library: The `String` type swift 5.9 and removed run-time crash Bug → crash: Swift code crashed during execution labels May 17, 2023
natecook1000 added a commit to natecook1000/swift that referenced this issue May 17, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes apple#53483
meg-gupta pushed a commit to meg-gupta/swift that referenced this issue May 22, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes apple#53483
NuriAmari pushed a commit to NuriAmari/swift that referenced this issue May 28, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes apple#53483
stephentyrone pushed a commit that referenced this issue Jun 1, 2023
When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes #53483
stephentyrone pushed a commit that referenced this issue Jul 25, 2023
* [stdlib] Fix String.reserveCapacity underallocation (#65902)

When called on a string that is not uniquely referenced,
`String.reserveCapacity(_:)` ignores the current capacity, using
the passed-in capacity for the size of its new storage. This can
result in an underallocation and write past the end of the new
buffer.

This fix changes the new size calculation to use the current UTF-8
count as the minimum. Non-native or non-unique strings
now allocate the requested capacity (or space enough for the
current contents, if that's larger than what's requested).

rdar://109275875
Fixes #53483

* Fix String capacity growth tests for watchOS

watchOS devices can have different allocation characteristics
from other devices. This modifies the string capacity growth
tests to be more flexible about measuring the growth in
capacity, specifically when more is allocated than requested.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug A deviation from expected or documented behavior. Also: expected but undesirable behavior. crash Bug: A crash, i.e., an abnormal termination of software standard library Area: Standard library umbrella String Area → standard library: The `String` type swift 5.9
Projects
None yet
3 participants