find_array_element in expr.c has
if ((ar->as->upper[i]
&& ar->as->upper[i]->expr_type == EXPR_CONSTANT
&& mpz_cmp (e->value.integer,
ar->as->upper[i]->value.integer) > 0)
|| (ar->as->lower[i]->expr_type == EXPR_CONSTANT
&& mpz_cmp (e->value.integer,
ar->as->lower[i]->value.integer) < 0))
{
gfc_error ("Index in dimension %d is out of bounds "
"at %L", i + 1, &ar->c_where[i]);
cons = NULL;
t = FAILURE;
goto depart;
}
mpz_sub (delta, e->value.integer, ar->as->lower[i]->value.integer);
mpz_mul (delta, delta, span);
mpz_add (offset, offset, delta);
mpz_set_ui (tmp, 1);
mpz_add (tmp, tmp, ar->as->upper[i]->value.integer);
mpz_sub (tmp, tmp, ar->as->lower[i]->value.integer);
mpz_mul (span, span, tmp);
But it never checks if ar->as->upper[i]->value.integer and
ar->as->lower[i]->value.integer are valid.
I added
--- ./expr.c.foo 2008-09-10 14:09:45.000000000 -0700
+++ ./expr.c 2008-09-10 14:10:13.000000000 -0700
@@ -1050,6 +1050,9 @@ find_array_element (gfc_constructor *con
goto depart;
}
+ gcc_assert (ar->as->lower[i]->expr_type == EXPR_CONSTANT
+ && ar->as->upper[i]->expr_type == EXPR_CONSTANT);
+
mpz_sub (delta, e->value.integer, ar->as->lower[i]->value.integer);
mpz_mul (delta, delta, span);
mpz_add (offset, offset, delta);
and got
Starting program: /export/build/gnu/gcc-work/build-x86_64-linux/gcc/f951
/export/gnu/src/gcc-work/gcc/gcc/testsuite/gfortran.dg/parameter_array_init_3.f90
-quiet -dumpbase parameter_array_init_3.f90 -mtune=generic -auxbase
parameter_array_init_3 -O -pedantic-errors -version -o parameter_array_init_3.s
-fintrinsic-modules-path finclude
GNU Fortran (GCC) version 4.4.0 20080910 (experimental) [trunk revision 140249]
(x86_64-unknown-linux-gnu)
compiled by GNU C version 4.3.0 20080428 (Red Hat 4.3.0-8), GMP version
4.2.2, MPFR version 2.3.1.
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
Breakpoint 1, fancy_abort (
file=0xf28e68 "/export/gnu/src/gcc-work/gcc/gcc/fortran/expr.c",
line=1054, function=0xf28e20 "find_array_element")
at /export/gnu/src/gcc-work/gcc/gcc/diagnostic.c:712
712 internal_error ("in %s, at %s:%d", function, trim_filename (file),
line);
(gdb) f 1
#1 0x000000000042a08f in find_array_element (cons=0x158e0a0, ar=0x1590218,
rval=0x7fffffffd6f0)
at /export/gnu/src/gcc-work/gcc/gcc/fortran/expr.c:1053
1053 gcc_assert (ar->as->lower[i]->expr_type == EXPR_CONSTANT
(gdb) p *ar->as->upper[i]
$3 = {expr_type = EXPR_FUNCTION, ts = {type = BT_UNKNOWN, kind = 0,
derived = 0x0, cl = 0x0, interface = 0x0, is_c_interop = 0, is_iso_c = 0,
f90_type = BT_UNKNOWN}, rank = 0, shape = 0x0, symtree = 0x1533ef0,
ref = 0x0, where = {nextc = 0x15868a8, lb = 0x1586800},
inline_noncopying_intrinsic = 0, is_boz = 0, con_by_offset = 0x0,
representation = {length = 0, string = 0x0}, value = {logical = 22234240,
iokind = 22234240, integer = {{_mp_alloc = 22234240, _mp_size = 0,
_mp_d = 0x0}}, real = {{_mpfr_prec = 22234240, _mpfr_sign = 0,
_mpfr_exp = 0, _mpfr_d = 0x0}}, complex = {r = {{
_mpfr_prec = 22234240, _mpfr_sign = 0, _mpfr_exp = 0,
_mpfr_d = 0x0}}, i = {{_mpfr_prec = 0, _mpfr_sign = 0,
_mpfr_exp = 0, _mpfr_d = 0x0}}}, op = {op = 22234240, uop = 0x0,
op1 = 0x0, op2 = 0x0}, function = {actual = 0x1534480, name = 0x0,
isym = 0x0, esym = 0x0}, compcall = {actual = 0x1534480, tbp = 0x0,
name = 0x0}, character = {length = 22234240, string = 0x0},
constructor = 0x1534480}}
(gdb)
--
Summary: Invalid GMP usage
Product: gcc
Version: 4.4.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: hjl dot tools at gmail dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37469
