------- Comment #3 from burnus at gcc dot gnu dot org 2008-02-05 17:13 -------
==25387== Invalid free() / delete / delete[]
==25387== at 0x4C2430F: free (in
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==25387== by 0x414BE9: gfc_assign_data_value (data.c:332)
==25387== by 0x460C48: traverse_data_var (resolve.c:8253)
==25387== by 0x46264D: resolve_types (resolve.c:8435)
That is the last mpz_clear in:
mpz_t size;
if (spec_size (ref->u.ar.as, &size) == SUCCESS
&& mpz_cmp (offset, size) >= 0)
{
mpz_clear (size);
gfc_error ("Data element above array upper bound at %L",
&lvalue->where);
return FAILURE;
}
mpz_clear (size);
The problem is that array.c's spec_size clears "size" (or "result" as it is
called there) if it returns FAILURE.
Patch (ignoring needed white-space changes):
Index: data.c
===================================================================
--- data.c (Revision 132124)
+++ data.c (Arbeitskopie)
@@ -321,8 +321,9 @@ gfc_assign_data_value (gfc_expr *lvalue,
else
{
mpz_t size;
- if (spec_size (ref->u.ar.as, &size) == SUCCESS
- && mpz_cmp (offset, size) >= 0)
+ if (spec_size (ref->u.ar.as, &size) == SUCCESS)
+ {
+ if (mpz_cmp (offset, size) >= 0)
{
mpz_clear (size);
gfc_error ("Data element above array upper bound at %L",
@@ -331,6 +332,7 @@ gfc_assign_data_value (gfc_expr *lvalue,
}
mpz_clear (size);
}
+ }
/* Splay tree containing offset and gfc_constructor. */
spt = expr->con_by_offset;
--
burnus at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |burnus at gcc dot gnu dot
| |org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35093
