https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68987
Bug ID: 68987
Summary: double free or corruption in _gfortran_st_write_done when a write statement to an internal file uses an invalid format and the ERR= specifier appears.
Product: gcc
Version: 5.3.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
Assignee: unassigned at gcc dot gnu.org
Reporter: mathewc at nag dot co.uk
Target Milestone: ---

I'm using

> gfortran --version
GNU Fortran (GCC) 5.3.1 20151207 (Red Hat 5.3.1-2)

on

> uname -a
Linux cuivienen.nag.co.uk 4.2.7-300.fc23.x86_64 #1 SMP Wed Dec 9 22:28:30 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

> /lib/libc.so.6
GNU C Library (GNU libc) stable release version 2.22, by Roland McGrath et al.
...
Compiled by GNU CC version 5.1.1 20150618 (Red Hat 5.1.1-4).

and then with

> cat foo.f90 && gfortran foo.f90 && ./a.out
    Program foo
      Call s('(foo)')
    End Program
    Subroutine s(fmt)
      Character (*) :: fmt
      Character (1) :: c
      Integer :: i
      Write (c, fmt, Iostat=i) 42
      If (i==0) Stop 'FAIL1'
      Write (c, fmt, Err=100) 42
      Stop 'FAIL2'
100   Continue
      Print *, 'ok'
    End Subroutine
*** Error in `./a.out': double free or corruption (out): 0x0000000001050360 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77e35)[0x2b46ad0cae35]
/lib64/libc.so.6(+0x8051a)[0x2b46ad0d351a]
/lib64/libc.so.6(cfree+0x4c)[0x2b46ad0d6ccc]
/lib64/libgfortran.so.3(_gfortran_st_write_done+0x7b)[0x2b46ac6bcdab]
./a.out[0x400a0a]
./a.out[0x400a9e]
./a.out[0x400ad5]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x2b46ad073580]
./a.out[0x4007b9]

Program received signal SIGABRT: Process abort signal.

Backtrace for this error:
#0  0x2B46AC5EAD58
#1  0x2B46AC5E9EE0
#2  0x2B46AD087B1F
#3  0x2B46AD087A98
#4  0x2B46AD089699
#5  0x2B46AD0CAE39
#6  0x2B46AD0D3519
#7  0x2B46AD0D6CCB
#8  0x2B46AC6BCDAA
#9  0x400A09 in s_
#10  0x400A9D in MAIN__ at foo.f90:?
Abort (core dumped)

I.e., an invalid Write with Iostat= is OK, but crashes if Err= is used instead.

This used to work with, if I recall, 5.1.1 (which was the previous version number on my system before a recent upgrade).
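
Added example (not part of the original report, and not GCC or glibc code): a small Python triage helper that parses a glibc heap-abort report in the format shown above and picks out the first frame outside libc, i.e. the code that handed the bad pointer to free(). The function names are this example's own; the embedded sample is copied from the report's backtrace.

```python
import re

# Sample input: the abort header and backtrace lines copied from the report above.
REPORT = """\
*** Error in `./a.out': double free or corruption (out): 0x0000000001050360 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77e35)[0x2b46ad0cae35]
/lib64/libc.so.6(+0x8051a)[0x2b46ad0d351a]
/lib64/libc.so.6(cfree+0x4c)[0x2b46ad0d6ccc]
/lib64/libgfortran.so.3(_gfortran_st_write_done+0x7b)[0x2b46ac6bcdab]
./a.out[0x400a0a]
./a.out[0x400a9e]
./a.out[0x400ad5]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x2b46ad073580]
./a.out[0x4007b9]
======= Memory map: ========
"""

# "*** Error in `prog': <kind>: <pointer> ***"
HEADER = re.compile(
    r"\*\*\* Error in `(?P<prog>[^']+)': (?P<kind>.+?): (?P<ptr>0x[0-9a-f]+) \*\*\*")
# "module(symbol+0xoff)[0xaddr]"; the "(...)" part is absent for stripped frames.
FRAME = re.compile(
    r"^(?P<module>[^(\[\s]+)"
    r"(?:\((?P<symbol>[^+)]*)\+?(?P<offset>0x[0-9a-f]+)?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_report(text):
    """Return (header dict or None, list of frame dicts) for a glibc abort report."""
    header = HEADER.search(text)
    frames, in_backtrace = [], False
    for line in text.splitlines():
        if line.startswith("======= Backtrace"):
            in_backtrace = True
        elif line.startswith("======="):
            in_backtrace = False          # e.g. the memory-map section begins
        elif in_backtrace and (m := FRAME.match(line.strip())):
            frames.append(m.groupdict())
    return (header.groupdict() if header else None), frames

def free_caller(frames, allocator_module="libc.so"):
    """First frame after the leading allocator frames: the caller of free()."""
    for frame in frames:
        if allocator_module not in frame["module"]:
            return frame
    return None

if __name__ == "__main__":
    hdr, frames = parse_report(REPORT)
    print(hdr["kind"], "at", hdr["ptr"], "freed by", free_caller(frames))
```

On the report above this singles out the libgfortran frame `_gfortran_st_write_done+0x7b`, matching the bug summary.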