[Bug fortran/54599] New: Issues found in gfortran by the Coverity Scan

Sun, 16 Sep 2012 04:03:03 -0700 

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54599

             Bug #: 54599
           Summary: Issues found in gfortran by the Coverity Scan
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: bur...@gcc.gnu.org
                CC: tkoe...@gcc.gnu.org


The following bugs were found by http://scan.coverity.com/ for gcc/fortran. I
walked through the list and extracted the following issues.


--------------------------------------------------------
dependency.c:        LOGICAL BUG (unreachable code)
--------------------------------------------------------
 401      if (l == 0)
 415      else
 416        {
 417          if (l != 0)

I think one of the "l" should be "r".


--------------------------------------------------------
dependency.c: check_data_pointer_types
--------------------------------------------------------
Same line twice:
 946  if (     expr1->expr_type != EXPR_VARIABLE
 947        || expr1->expr_type != EXPR_VARIABLE)


--------------------------------------------------------
interface.c: gfc_compare_derived_types     BUG
--------------------------------------------------------
Same line twice:
 450      if (     !(dt1->ts.type == BT_DERIVED && derived1 ==
dt1->ts.u.derived)
 451            && !(dt1->ts.type == BT_DERIVED && derived1 ==
dt1->ts.u.derived)


--------------------------------------------------------
openmp.c: gfc_resolve_do_iterator
--------------------------------------------------------
Dead code: Line 1705 is unreachable.
1690          for (j = 1; j < i; j++)

1702              if (j < i)
1703                break;
1704              do_code2 = do_code2->block->next;
1705            }



--------------------------------------------------------
cpp.c: print_line        BUG
--------------------------------------------------------
 841      if (loc.sysp == 2)
 843      else if (loc.sysp == 1)
Issue:
  sysp is "bool".


--------------------------------------------------------
interface.c: 
--------------------------------------------------------
CID 722306: Array compared against 0 (NO_EFFECT)
At (1): Comparing an array to null is not useful: "ref->u.ar.as->upper". 
2266      else if (ref->type == REF_ARRAY && ref->u.ar.type == AR_FULL
2267               && ref->u.ar.as->lower && ref->u.ar.as->upper)


--------------------------------------------------------
target-memory.c:
--------------------------------------------------------
At (4): Assigning: unsigned variable "len" = "gfc_target_expr_size(gfc_expr
*)".
643  len = gfc_target_expr_size (e);
CID 722280: Argument cannot be negative (NEGATIVE_RETURNS)
At (5): "len" is passed to a parameter that cannot be negative. 

Here, len = size_t (unsigned); should one use HOST_WIDE_INT + and gcc_assert?


--------------------------------------------------------
error.c: Side effect in assertion
--------------------------------------------------------
 547          gcc_assert (*format++ == '$');
 The containing function might work differently in a non-debug build.


--------------------------------------------------------
resolve.c
--------------------------------------------------------
Loop only executed once. Should break be continue?

7419  for (i = ar->dimen; i < ar->codimen + ar->dimen; i++)
7424          if (i == (ar->dimen + ar->codimen - 1))
7428              goto failure;
7429            }
7430          break;
7433      if (ar->dimen_type[i] == DIMEN_STAR && i == (ar->dimen + ar->codimen
- 1)
7434          && ar->stride[i] == NULL)
7435        break;
7439      goto failure;
7440    }


--------------------------------------------------------
interface.c: gfc_compare_derived_types
--------------------------------------------------------
First, one checks whether "derived1" is NULL, then one uses
it unconditionally. Add an assert - and remove the check?

 402  if (derived1 != NULL && derived2 != NULL
 411  if (strcmp (derived1->name, derived2->name))



RFC: Should we address the following two warnings?

--------------------------------------------------------
resolve.c:
--------------------------------------------------------
Potential buffer overflow?
4015          strcpy (msg, _("COMPLEX quantities cannot be compared at %L"));

Recall, _(...) is gettext() and returns a string from the translator's .po
file; msg is 200 bytes large, i.e. 50 4-byte characters.


--------------------------------------------------------
intrinsic.c: add_sym
--------------------------------------------------------
Possible-buffer-overflow warning.

--- a/gcc/fortran/intrinsic.c
+++ b/gcc/fortran/intrinsic.c
@@ -273,2 +273,3 @@ add_sym (const char *name, gfc_isym_id id, enum klass cl,
int actual_ok, bt type

+      gcc_assert (strlen (name) + 10 < sizeof (buf));
       strcpy (buf, "_gfortran_");

Reply via email to