[SR-5292] Another Data slice-related crash #3842
Comments
|
@swift-ci create |
|
my guess is this is a duplicate of the same issue for rdar://problem/32982494 which slicing did not handle relative adjustments in RangeExpressions. suffix is a method provided by the protocol for Collection; if you can verify that it does not reproduce with the following adjustment I am certain it is the same issue: Unfortunately RangeExpression's relative(to: R) method was a bit ambiguous with its documentation so we were incorrectly using the API in Data. |
|
ASAN catches this in one pass |
|
This code still crashes on Xcode 9 beta 2: import Foundation
extension Data {
func suffix_fix(_ count: Int) -> Data { return self[(endIndex - count)..<endIndex] }
}
for i in 0..<Int.max {
print("attempt number \(i)")
var data1 = Data()
let data2 = Data(count: 101582)
data1.append(data2.suffix_fix(8))
}I will try it on the trunk later, but as I am still waiting for it to compile, it will be a while before I can. |
|
hmm looking at it more is we are missing the passed end range for that specific append variant |
|
one neat trick: using swift-corelibs-foundation you can easily test most of Data's behavior without needing to build the whole swift toolchain. It makes testing and iteration pretty painless (unless you need to worry about objc interoperation) |
|
I added an additional fix for the slice range append to apple/swift#10584 it now passes ASAN for a reduced version of the failure (without needing to allocate such a large region) |
|
2 for 4 here. First two times I tried it, it crashed; second two times I tried it, it didn't. |
|
you need the remainder of the fix in that pr |
|
Okay, compiling again. See you after this all finishes. |
|
added #1076 for swift-corelibs-foundation |
|
Okay, using the real SDK as instructed in the wrong thread: $ ./swiftc -sdk /Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk test.swift
$ ./test
attempt number 0
Segmentation fault: 11So, the crash is still in there even with the new additions to the repository that were added this evening. |
|
Comment by Garric Nahapetian (JIRA) Resolved? apple/swift#10584 |
|
Yep. |
) * Private members may not satisfy protocol requirements, ever. ...because by construction they can be invoked from outside of the type. Finishing up SE-0025 ('private' and 'fileprivate'). * Update docs and mark SE-0025 ('private' and 'fileprivate') as done! There's still improvements we can make (see f2192f0f), but the feature is in place and should be working correctly.
Environment
Xcode 9 beta 2; build 9M137d
Additional Detail from JIRA
md5: 668b3bfde9322352f6ec59455f0a29b2
Issue Description:
If you attempt to append a Data object to another Data object, and that Data object is a slice of a larger Data object that is at least 101,582 bytes large, your app will non-reproducibly crash (although if you put it in a loop, it will happen quickly enough). The code below will demonstrate:
If the slice is wrapped in a Data, as in "data1.append(Data(data2.suffix(8)))", the crash does not occur.
The text was updated successfully, but these errors were encountered: