From 81e58cf3d5f2fc6cb21c955f3190eabacc309c12 Mon Sep 17 00:00:00 2001 From: Brandon Lucas Date: Sun, 22 Feb 2026 23:59:47 -0500 Subject: [PATCH] Fix Option pattern match double-dereference in C codegen LuxString is typedef char* but the codegen treated it as a struct type, generating *(LuxString*)(field0) instead of (LuxString)(field0). This caused a heap-buffer-overflow on any Option pattern match since it read the string contents as a memory address. Co-Authored-By: Claude Opus 4.6 --- src/codegen/c_backend.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/codegen/c_backend.rs b/src/codegen/c_backend.rs index 3050bdc..33e8714 100644 --- a/src/codegen/c_backend.rs +++ b/src/codegen/c_backend.rs @@ -5316,11 +5316,12 @@ impl CBackend { if Self::is_primitive_c_type(&actual_type) { // For primitive types stored as boxed void*, dereference self.writeln(&format!("{} {} = *({}*)({});", actual_type, var_name, actual_type, c_expr)); - } else if !actual_type.ends_with('*') && actual_type != "void" { + } else if actual_type == "LuxString" || actual_type.ends_with('*') || actual_type == "void" { + // Pointer types (including LuxString which is typedef char*): simple cast + self.writeln(&format!("{} {} = ({})({});", actual_type, var_name, actual_type, c_expr)); + } else { // Struct types: cast to pointer and dereference self.writeln(&format!("{} {} = *({}*)({});", actual_type, var_name, actual_type, c_expr)); - } else { - self.writeln(&format!("{} {} = ({})({});", actual_type, var_name, actual_type, c_expr)); } self.var_types.insert(var_name.clone(), actual_type); } else if actual_type.ends_with('*') && actual_type != "void*" {