Closed perimosocordiae closed 2 years ago
At the point where the pointer difference happens, `ptr == 0xaaaaaaaaaaaaaa11` and `line.data == 0x2b6d110` (or some other random-ish value). Looks like the corruption happens when the pointer is incremented.

Nope, prior to the `+= 1` we have `ptr == 0xaaaaaaaaaaaaaa10`.

Debug builds write `0xaa` to uninitialized memory in `base::untyped_buffer`s. I'm guessing there's a misinterpretation of the values going on, where an integer is being interpreted as an `i64`.

This is breaking code in the `stdlib/string/match.ic` module, like the `Match` functions.

Repro:
Output from running the above program 6 times in a row, with no changes to the source: