[Bug libfortran/62188] Array bounds overrun in bessel_yn_r4/8/16 and other functions

[kargl at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62188

kargl at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-08-19
                 CC|                            |kargl at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from kargl at gcc dot gnu.org ---
Confirmed.  I assume you found this by using a libc with
a malloc that has buffer overflow detection.  The obvious
patch is 

Index: m4/bessel.m4
===================================================================
--- m4/bessel.m4        (revision 213593)
+++ m4/bessel.m4        (working copy)
@@ -163,7 +163,7 @@ bessel_yn_r'rtype_kind` ('rtype` * const

   x2rev = GFC_REAL_'rtype_kind`_LITERAL(2.)/x;

-  for (i = 2; i <= n1+n2; i++)
+  for (i = 2; i <= n2 - n1; i++)
     {
 #if defined('rtype_name`_INFINITY)
       if (unlikely (last2 == -'rtype_name`_INFINITY))

I'll commit this later.