Skip to content

Fix #635: [Bug] Segmentation Fault in chaiscript::Boxed_Number::get_as via async result interpolation#652

Closed
leftibot wants to merge 1 commit into
ChaiScript:developfrom
leftibot:fix/issue-635-bug-segmentation-fault-in-chaiscript-box
Closed

Fix #635: [Bug] Segmentation Fault in chaiscript::Boxed_Number::get_as via async result interpolation#652
leftibot wants to merge 1 commit into
ChaiScript:developfrom
leftibot:fix/issue-635-bug-segmentation-fault-in-chaiscript-box

Conversation

@leftibot
Copy link
Copy Markdown
Contributor

@leftibot leftibot commented Apr 11, 2026

Automated fix by @leftibot.

What changed

Fix #635: Segfault in optimized for-loop when := copies stack-local variable
The optimized for-loop in chaiscript_optimizer.hpp stored the loop counter
as a stack-local int and exposed it to ChaiScript via var(&i), creating a
reference. When the := operator was used inside the loop body (e.g.
ret := i), it copied the raw pointers to this stack variable into the
target's Data. When the function returned via exception unwinding, the
stack frame was destroyed, leaving dangling pointers in the return value.
Accessing these pointers in the caller (e.g. via string interpolation)
caused a segfault. The fix heap-allocates the loop counter via
std::make_shared, so the data survives scope exit through
reference counting.
Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

Files

 .../chaiscript/language/chaiscript_optimizer.hpp    |  6 +++---
 unittests/future_assign.chai                        | 21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 3 deletions(-)

Closes #635

Triggered by @lefticus.

@leftibot @claude
Fix ChaiScript#635: Segfault in optimized for-loop when := copies sta…
f1a0c2a 
…ck-local variable

The optimized for-loop in chaiscript_optimizer.hpp stored the loop counter
as a stack-local int and exposed it to ChaiScript via var(&i), creating a
reference. When the := operator was used inside the loop body (e.g.
ret := i), it copied the raw pointers to this stack variable into the
target's Data. When the function returned via exception unwinding, the
stack frame was destroyed, leaving dangling pointers in the return value.
Accessing these pointers in the caller (e.g. via string interpolation)
caused a segfault. The fix heap-allocates the loop counter via
std::make_shared<int>, so the data survives scope exit through
reference counting.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@lefticus lefticus mentioned this pull request Apr 11, 2026
Closed
@lefticus
Copy link
Copy Markdown
Member

lefticus commented Apr 11, 2026

closing in favor of #655

@lefticus lefticus closed this Apr 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Segmentation Fault in chaiscript::Boxed_Number::get_as via async result interpolation

2 participants

@leftibot @lefticus