Segfault when failing to cast subexpression to 'isz' in pointer subtraction #2305.

2026-02-27 12:01:16 +00:00 · 2025-07-15 21:47:42 +02:00
parent bb6fcdfa6f
commit 3650b81970
3 changed files with 13 additions and 1 deletions
--- a/releasenotes.md
+++ b/releasenotes.md
@@ -52,6 +52,7 @@
 - Resize bug when resizing memory down in ArenaAllocator, DynamicArenaAllocator, BackedArenaAllocator.
 - Error message for missing arg incorrect for methods with zero args #2296.
 - Fix stringify of $vaexpr #2301.
+- Segfault when failing to cast subexpression to 'isz' in pointer subtraction #2305.

 ### Stdlib changes
 - Improve contract for readline. #2280
--- a/src/compiler/sema_expr.c
+++ b/src/compiler/sema_expr.c
@@ -7352,7 +7352,7 @@ static bool sema_expr_analyse_sub(SemaContext *context, Expr *expr, Expr *left,
 		}

 		// 6. Convert to isz
-		if (!cast_implicit_binary(context, right, offset_type, failed_ref)) return true;
+		if (!cast_implicit_binary(context, right, offset_type, failed_ref)) return false;

 		if (left->expr_kind == EXPR_POINTER_OFFSET)
 		{
--- a/test/test_suite/expressions/sub_pointer_cast_fail.c3
+++ b/test/test_suite/expressions/sub_pointer_cast_fail.c3
@@ -0,0 +1,11 @@
+fn int main()
+{
+	int ctrl = 0;
+	char* op;
+	if (ctrl >= 32)
+	{
+		uint len = (ctrl >> 5) - 1;
+        char* ref = op - ((ctrl & 31) << 8) - 1; // #error: an explicit cast to 'isz'
+	}
+	return 0;
+}