Attachment: Download

duplicates:

• SR-6515 Subdata of Data returned from URLSession is equal, but has different hash value

Issue Description:

PROLOGUE.

PICARD: Mr. Data. What is the current status of your positronic network?

DATA: Captain, I am a dispatch_data_t from Objective-C, which was toll-free bridged to an NSData object, and then bridged to Swift as a Data struct. Being a dispatch_data_t, I am composed of several non-contiguous blocks of data.

PICARD: Interesting. Can you enumerate the contents of your memory banks?

DATA: Certainly. "Felis." "Catus." "Is." "Your." "Taxonomic." "Nomenclature."

PICARD: Can you give your contents all at once?

DATA: "Felis catus is your taxonomic nomencl–" <crackle> Intriguing. That was a most unusual sensation.

PICARD: Mr. Data. Can you show us a slice of your contents?

DATA: I can attempt it, Captain. One moment while I—MASAKA IS WAKING. I AM IHAT.

Hey all, I've found another bug involving Data slices, probably the most involved one yet. As you can see from the (hopefully 😉) humorous prologue above, corruption occurs if you have a non-contiguous dispatch_data_t object in Objective-C, cast it to an NSData, return that to Swift as a Data struct, and then try to manipulate that Data as a collection, slice it, use withUnsafeBytes on it, or use anything to access it other than enumerateBytes.

I've attached a sample project, but here's how to do it at home:

DataMaker.m:

#import "DataMaker.h"
#include <dispatch/dispatch.h>

@implementation DataMaker

+ (NSData *)makeMeAData {
    dispatch_block_t dtor = DISPATCH_DATA_DESTRUCTOR_DEFAULT;
    
    dispatch_data_t data1 = dispatch_data_create("feliscatus", 10, nil, dtor);
    dispatch_data_t data2 = dispatch_data_create("isyour", 6, nil, dtor);
    dispatch_data_t data3 = dispatch_data_create("taxonomic", 9, nil, dtor);
    dispatch_data_t data4 = dispatch_data_create("nomenclature", 12, nil, dtor);
    dispatch_data_t data5 = dispatch_data_create_concat(dispatch_data_create_concat(
        dispatch_data_create_concat(data1, data2), data3), data4);
    
    return (NSData *)data5;
}

@end

main.swift:

import Foundation

let data = DataMaker.makeMeAData()!

data.enumerateBytes { ptr, idx, _ in
    print(String(decoding: ptr, as: UTF8.self))
}

print(String(decoding: data, as: UTF8.self))

let slice = data[(data.startIndex + 5)..<(data.endIndex - 5)]

print(String(decoding: slice, as: UTF8.self))

slice.withUnsafeBytes { (src: UnsafePointer<UInt8>) in
    let dst = UnsafeMutablePointer<UInt8>.allocate(capacity: slice.count)
    _ = memcpy(dst, src, slice.count)
    print(NSData(bytes: dst, length: slice.count))
    dst.deallocate(capacity: slice.count)
}

The output is as follows:

The printout of the slices provided by enumerateBytes looks as expected:

feliscatus
isyour
taxonomic
nomenclature

The version that we tried to convert to a String almost looks right, but is glitched near the end:

feliscatusisyourtaxonomicnomenclnomen

And once we slice it, things get really wild:

felis�����isyourtaxonomicno

<66656c69 73aaaaaa aaaa6973 796f7572 7461786f 6e6f6d69 636e6f

As you can see, not only does the slice not begin at "catus" as we would expect, but if Malloc Scribble is turned on, the part containing "catus" is replaced by AA bytes, as if the runtime is screaming. AAAAAAAAAA!!!

I hope you've found this report entertaining and/or helpful.