https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65173
--- Comment #8 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Note that the tests z1.f90 and z8.f90 fail in a different way:
pr65173_3.f90:3:39:
character(:), allocatable :: x(n)
1
Error: Allocatable component of structure at (1) must have a deferred shape
=================================================================
==24015==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000cbf8
at pc 0x0001002b5734 bp 0x7fff5fbfe660 sp 0x7fff5fbfe658
READ of size 8 at 0x60400000cbf8 thread T0
#0 0x1002b5733 in check_host_association(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002b5733)
#1 0x1002ae1d7 in gfc_resolve_expr(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002ae1d7)
#2 0x10000e80a
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10000e80a)
#3 0x100014067 in gfc_resolve_array_spec(gfc_array_spec*, int)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100014067)
#4 0x1002a2754 in resolve_component(gfc_component*, gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2754)
#5 0x1002a5440 in resolve_fl_derived0(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a5440)
#6 0x1002a61bd in resolve_fl_derived(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a61bd)
#7 0x1002966c8 in resolve_symbol(gfc_symbol*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002966c8)
#8 0x10032dacc in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10032dacc)
#9 0x100345881 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100345881)
#10 0x1002d51ed in resolve_types(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002d51ed)
#11 0x100293315 in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100293315)
#12 0x100223cdc in resolve_all_program_units(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100223cdc)
#13 0x10023e38e in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e38e)
#14 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
#15 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
#16 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
#17 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
#18 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
#19 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
#20 0xd
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)
0x60400000cbf8 is located 40 bytes inside of 48-byte region
[0x60400000cbd0,0x60400000cc00)
freed by thread T0 here:
#0 0x15078e690 in wrap_free.part.0
(/opt/gcc/gcc7a/lib/libasan.3.dylib+0x53690)
#1 0x10033ce36 in gfc_delete_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10033ce36)
#2 0x1003511bf in gfc_restore_last_undo_checkpoint()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003511bf)
#3 0x1003515bd in gfc_undo_symbols()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003515bd)
#4 0x1002241ee in reject_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002241ee)
#5 0x100224373 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224373)
#6 0x1002322bd in decode_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd)
#7 0x10023427b in next_free()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b)
#8 0x100234af9 in next_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9)
#9 0x10023679d in parse_derived()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d)
#10 0x100238b9b in parse_spec(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b)
#11 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
#12 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)
#13 0x10038020a in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
#14 0x103bf0124 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
#15 0x103bf92ee in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
#16 0x10568dc2f in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
#17 0x105692be5 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
#18 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
#19 0xd
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)
previously allocated by thread T0 here:
#0 0x15078da49 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x52a49)
#1 0x1054f169b in xcalloc
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1054f169b)
#2 0x10033cb5f in gfc_new_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10033cb5f)
#3 0x1003402fc in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003402fc)
#4 0x1003415fa in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003415fa)
#5 0x100256d2d in gfc_match_rvalue(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100256d2d)
#6 0x1001b2b5e in match_primary(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2b5e)
#7 0x1001b2d91 in match_level_1(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2d91)
#8 0x1001b304b in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b304b)
#9 0x1001b3673 in match_add_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3673)
#10 0x1001b3d70 in match_level_2(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3d70)
#11 0x1001b4135 in match_level_3(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4135)
#12 0x1001b4425 in match_level_4(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4425)
#13 0x1001b4cff in match_and_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4cff)
#14 0x1001b4f38 in match_or_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4f38)
#15 0x1001b5236 in match_equiv_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5236)
#16 0x1001b5534 in match_level_5(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5534)
#17 0x1001b27ce in gfc_match_expr(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b27ce)
#18 0x100011566
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100011566)
#19 0x1000149bd
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000149bd)
#20 0x1000ab738 in variable_decl(int)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ab738)
#21 0x1000ae155 in gfc_match_data_decl()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ae155)
#22 0x100224306 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224306)
#28 0x10023c78b in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b)
#29 0x10023e350 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350)
SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002b5733)
in check_host_association(gfc_expr*)
Shadow bytes around the buggy address:
0x1c0800001920: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x1c0800001930: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x1c0800001940: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x1c0800001950: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x1c0800001960: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x1c0800001970: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd[fd]
0x1c0800001980: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x1c0800001990: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x1c08000019a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x1c08000019b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x1c08000019c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==24015==ABORTING
f951: internal compiler error: Abort trap: 6
gfcg: internal compiler error: Abort trap: 6 (program f951)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
