https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78350
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2016-11-15
     Ever confirmed|0                           |1

--- Comment #2 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
The code in comment 0 compiles with all the versions I have tested except 4.9.3, which gives

end
1
Internal Error at (1):
gfc_code2string(): Bad code

and an instrumented version (r239704), which gives the heap-use-after-free below (memory allocated in gfc_new_charlen while parsing, freed in resolve_structure_cons during resolution, then read by mio_expr while the module is written):

==88942==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000cd90 at pc 0x0001001d05a2 bp 0x7fff5fbfe770 sp 0x7fff5fbfe768
READ of size 8 at 0x60400000cd90 thread T0
    #0 0x1001d05a1 in mio_expr(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d05a1)
    #1 0x1001d1948 in mio_charlen(gfc_charlen**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d1948)
    #2 0x1001d0216 in mio_typespec(gfc_typespec*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d0216)
    #3 0x1001d04ab in mio_expr(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d04ab)
    #4 0x1001d3d70 in mio_component(gfc_component*, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d3d70)
    #5 0x1001d40de in mio_component_list(gfc_component**, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d40de)
    #6 0x1001d7dc4 in mio_symbol(gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d7dc4)
    #7 0x1001d8921 in write_symbol(int, gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001d8921)
    #8 0x1001e0b22 in write_symbol0(gfc_symtree*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001e0b22)
    #9 0x1001e1103 in write_module() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001e1103)
    #10 0x1001e1552 in dump_module(char const*, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001e1552)
    #11 0x1001e1c32 in gfc_dump_module(char const*, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001e1c32)
    #12 0x10023e980 in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e980)
    #13 0x10038020a in gfc_be_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #14 0x103bf0124 in compile_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #15 0x103bf92ee in do_compile() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #16 0x10568dc2f in toplev::main(int, char**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #17 0x105692be5 in main (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #18 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #19 0xd (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

0x60400000cd90 is located 0 bytes inside of 48-byte region [0x60400000cd90,0x60400000cdc0)
freed by thread T0 here:
    #0 0x15078e690 in wrap_free.part.0 (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x53690)
    #1 0x1002a88e0 in resolve_structure_cons(gfc_expr*, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a88e0)
    #2 0x1002e2aeb in resolve_values(gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002e2aeb)
    #3 0x10032dacc in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*), void (*)(gfc_symbol*)) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10032dacc)
    #4 0x100345881 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*)) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100345881)
    #5 0x1002d548d in resolve_types(gfc_namespace*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002d548d)
    #6 0x100293315 in gfc_resolve(gfc_namespace*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100293315)
    #7 0x10023e6ac in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e6ac)
    #8 0x10038020a in gfc_be_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)
    #9 0x103bf0124 in compile_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124)
    #10 0x103bf92ee in do_compile() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee)
    #11 0x10568dc2f in toplev::main(int, char**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f)
    #12 0x105692be5 in main (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5)
    #13 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254)
    #14 0xd (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd)

previously allocated by thread T0 here:
    #0 0x15078da49 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x52a49)
    #1 0x1054f169b in xcalloc (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1054f169b)
    #2 0x100342918 in gfc_new_charlen(gfc_namespace*, gfc_charlen*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100342918)
    #3 0x100091190 in gfc_match_char_spec(gfc_typespec*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100091190)
    #4 0x1001a1666 in gfc_match_type_spec(gfc_typespec*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001a1666)
    #5 0x100017d4e (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100017d4e)
    #6 0x1001b2b51 in match_primary(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2b51)
    #7 0x1001b2d91 in match_level_1(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b2d91)
    #8 0x1001b304b in match_mult_operand(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b304b)
    #9 0x1001b3673 in match_add_operand(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3673)
    #10 0x1001b3d70 in match_level_2(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b3d70)
    #11 0x1001b4135 in match_level_3(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4135)
    #12 0x1001b4425 in match_level_4(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4425)
    #13 0x1001b4cff in match_and_operand(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4cff)
    #14 0x1001b4f38 in match_or_operand(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b4f38)
    #15 0x1001b5236 in match_equiv_operand(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5236)
    #16 0x1001b5534 in match_level_5(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b5534)
    #17 0x1001b27ce in gfc_match_expr(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1001b27ce)
    #18 0x1000f19f1 in gfc_match_init_expr(gfc_expr**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000f19f1)
    #19 0x1000ad7c6 in variable_decl(int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ad7c6)
    #20 0x1000ae155 in gfc_match_data_decl() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000ae155)
    #21 0x100224306 in match_word(char const*, match (*)(), locus*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224306)
    #22 0x1002322bd in decode_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd)
    #23 0x10023427b in next_free() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b)
    #24 0x100234af9 in next_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9)
    #25 0x10023679d in parse_derived() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d)
    #26 0x100238b9b in parse_spec(gfc_statement) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b)
    #27 0x10023dc15 in parse_module() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023dc15)
    #28 0x10023e830 in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e830)
    #29 0x10038020a in gfc_be_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a)