From 3650b81970bb8feb254ce553c59e3b94550acaf8 Mon Sep 17 00:00:00 2001
From: Christoffer Lerno
Date: Tue, 15 Jul 2025 21:47:42 +0200
Subject: [PATCH] Segfault when failing to cast subexpression to 'isz' in pointer subtraction #2305.
---
 releasenotes.md | 1 +
 src/compiler/sema_expr.c | 2 +-
 test/test_suite/expressions/sub_pointer_cast_fail.c3 | 11 +++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 test/test_suite/expressions/sub_pointer_cast_fail.c3
diff --git a/releasenotes.md b/releasenotes.md
index 3abee118c..0bb461455 100644
--- a/releasenotes.md
+++ b/releasenotes.md
@@ -52,6 +52,7 @@
 - Resize bug when resizing memory down in ArenaAllocator, DynamicArenaAllocator, BackedArenaAllocator.
 - Error message for missing arg incorrect for methods with zero args #2296.
 - Fix stringify of $vaexpr #2301.
+- Segfault when failing to cast subexpression to 'isz' in pointer subtraction #2305.
 ### Stdlib changes
 - Improve contract for readline. #2280
diff --git a/src/compiler/sema_expr.c b/src/compiler/sema_expr.c
index 92524168d..d42ffb3df 100644
--- a/src/compiler/sema_expr.c
+++ b/src/compiler/sema_expr.c
@@ -7352,7 +7352,7 @@ static bool sema_expr_analyse_sub(SemaContext *context, Expr *expr, Expr *left,
 }
 // 6. Convert to isz
- if (!cast_implicit_binary(context, right, offset_type, failed_ref)) return true;
+ if (!cast_implicit_binary(context, right, offset_type, failed_ref)) return false;
 if (left->expr_kind == EXPR_POINTER_OFFSET)
 {
diff --git a/test/test_suite/expressions/sub_pointer_cast_fail.c3 b/test/test_suite/expressions/sub_pointer_cast_fail.c3
new file mode 100644
index 000000000..0e0c85c97
--- /dev/null
+++ b/test/test_suite/expressions/sub_pointer_cast_fail.c3
@@ -0,0 +1,11 @@
+fn int main()
+{
+ int ctrl = 0;
+ char* op;
+ if (ctrl >= 32)
+ {
+ uint len = (ctrl >> 5) - 1;
+ char* ref = op - ((ctrl & 31) << 8) - 1; // #error: an explicit cast to 'isz'
+ }
+ return 0;
+}
\ No newline at end of file
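Review bot: The step comment `// 6. Convert to isz` in the src/compiler/sema_expr.c hunk does not say what a failed conversion means for the caller, and that contract is exactly what this one-word fix turns on: the cast on the next line used to return `true` on failure, which per the commit subject let analysis continue until the compiler segfaulted. I would extend the comment to `// 6. Convert to isz; a failed cast must return false so callers never use the unconverted operand`. Whether other early exits in sema_expr_analyse_sub still return `true` after a failed helper call cannot be told from here, since the function starts and ends outside the hunk, but they are worth a quick audit because a crash on invalid source is reachable by anyone who can hand the compiler a file.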
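Review bot: The new test sub_pointer_cast_fail.c3 has no header comment tying it to the regression, and the unrelated `uint len = (ctrl >> 5) - 1;` line makes it harder to see which expression is under test. A first line such as `// #2305: a failed implicit cast to 'isz' in pointer subtraction must be a diagnostic, not a crash` would state the intent. The file also ends without a trailing newline (`\ No newline at end of file`), which is easiest to fix while the file is new.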