View Issue Details

IDProjectCategoryView StatusLast Update
0038413FPCCompilerpublic2021-01-28 21:56
ReporterIvan Polyacov Assigned ToFlorian  
Status resolvedResolutionfixed 
PlatformLinuxOSLinux Mint 
Product Version3.3.1 
Fixed in Version3.3.1 
Summary0038413: Wrong address calculation when indexing an array with negative low bound
DescriptionWhen array's low bound is negative (like array[-1..X]) and variable used to index it is unsigned (like byte), it is treated as signed when calculating target address.
This cause access to wrong memory and may lead to data damage, access violation etc.
This happens in both 32-bit and 64-bit modes, reproduced on Windows and Linux.
Steps To Reproduce var
  arr : array[-1..140] of byte=(4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,
  index , value : byte; // unsigned byte - important
  index:=133; // positive value, which is treated as negative
  value:=arr[index]; // wrong value! Memory access outside array
TagsNo tags attached.
Fixed in Revision48449
Attached Files



2021-01-28 14:17

reporter   ~0128637

Last edited: 2021-01-28 14:40

View 2 revisions

FPC3.2 has the same bug.
but it works with explicit promotion:


2021-01-28 19:05

reporter   ~0128643

Also, the compiler should probably emit a warning (or hint) stating that the negatively indexed elements of the array cannot be accessed using an unsigned type.

Issue History

Date Modified Username Field Change
2021-01-28 10:15 Ivan Polyacov New Issue
2021-01-28 14:17 nanobit Note Added: 0128637
2021-01-28 14:40 nanobit Note Edited: 0128637 View Revisions
2021-01-28 19:05 440bx Note Added: 0128643
2021-01-28 21:56 Florian Assigned To => Florian
2021-01-28 21:56 Florian Status new => resolved
2021-01-28 21:56 Florian Resolution open => fixed
2021-01-28 21:56 Florian Fixed in Version => 3.3.1
2021-01-28 21:56 Florian Fixed in Revision => 48449
2021-01-28 21:56 Florian FPCTarget => -