https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79524
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-02-15
     Ever confirmed|0                           |1
--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Compiling the test with an instrumented gfortran (r245058) gives
/opt/gcc/_clean/gcc/testsuite/gfortran.dg/fimplicit_none_2.f90:5:34:
character(*), parameter :: z(2) = [character(n) :: 'x', 'y'] ! { dg-error "Scalar INTEGER expression expected" }
1
Error: Cannot initialize parameter array at (1) with variable length elements
=================================================================
==67652==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000000f78
at pc 0x0001003096af bp 0x7fff5fbfe910 sp 0x7fff5fbfe908
READ of size 8 at 0x604000000f78 thread T0
#0 0x1003096ae in check_host_association(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003096ae)
#1 0x100305593 in gfc_resolve_expr(gfc_expr*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100305593)
#2 0x1003194b5 in resolve_charlen(gfc_charlen*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003194b5)
#3 0x10033d8c7 in resolve_types(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10033d8c7)
#4 0x1002ec1e9 in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002ec1e9)
#5 0x1002773e4 in resolve_all_program_units(gfc_namespace*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002773e4)
#6 0x100292748 in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100292748)
#7 0x1003e8180 in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003e8180)
#8 0x104339598 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x104339598)
#9 0x10434208c in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10434208c)
#10 0x1061e1454 in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1061e1454)
#11 0x1061e6731 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1061e6731)
#12 0x7fffc2124254 in start (/usr/lib/system/libdyld.dylib+0x5254)
0x604000000f78 is located 40 bytes inside of 48-byte region
[0x604000000f50,0x604000000f80)
freed by thread T0 here:
#0 0x15241b8e0 in wrap_free.part.0
(/opt/gcc/gcc7a/lib/libasan.4.dylib+0x638e0)
#1 0x1003a1bf1 in gfc_delete_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003a1bf1)
#2 0x1003b6c9d in gfc_restore_last_undo_checkpoint()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003b6c9d)
#3 0x1003b6e6c in gfc_undo_symbols()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003b6e6c)
#4 0x1002777d1 in reject_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002777d1)
#5 0x1002778d1 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002778d1)
#6 0x100282b73 in decode_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100282b73)
#7 0x100285088 in next_free()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100285088)
#8 0x10028594f in next_statement()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10028594f)
#9 0x10028aa38 in parse_spec(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10028aa38)
#10 0x1002908ef in parse_progunit(gfc_statement)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002908ef)
#11 0x10029270a in gfc_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10029270a)
#12 0x1003e8180 in gfc_be_parse_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003e8180)
#13 0x104339598 in compile_file()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x104339598)
#14 0x10434208c in do_compile()
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x10434208c)
#15 0x1061e1454 in toplev::main(int, char**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1061e1454)
#16 0x1061e6731 in main
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1061e6731)
#17 0x7fffc2124254 in start (/usr/lib/system/libdyld.dylib+0x5254)
previously allocated by thread T0 here:
#0 0x15241af60 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.4.dylib+0x62f60)
#1 0x105fb8031 in xcalloc
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x105fb8031)
#2 0x1003a1909 in gfc_new_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003a1909)
#3 0x1003a50f6 in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003a50f6)
#4 0x1003a64e3 in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003a64e3)
#5 0x1002b0c75 in gfc_match_rvalue(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1002b0c75)
#6 0x1001bad62 in match_primary(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bad62)
#7 0x1001baffb in match_level_1(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001baffb)
#8 0x1001bb38c in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bb38c)
#9 0x1001bbbb4 in match_add_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bbbb4)
#10 0x1001bc5a4 in match_level_2(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bc5a4)
#11 0x1001bcad4 in match_level_3(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bcad4)
#12 0x1001bcf3e in match_level_4(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bcf3e)
#13 0x1001bde65 in match_and_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bde65)
#14 0x1001be10f in match_or_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001be10f)
#15 0x1001be569 in match_equiv_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001be569)
#16 0x1001be9ca in match_level_5(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001be9ca)
#17 0x1001ba879 in gfc_match_expr(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001ba879)
#18 0x100074295 in char_len_param_value(gfc_expr**, bool*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100074295)
#19 0x100082228 in gfc_match_char_spec(gfc_typespec*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100082228)
#20 0x1001a6b52 in gfc_match_type_spec(gfc_typespec*)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001a6b52)
#21 0x100018b82
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x100018b82)
#22 0x1001bad55 in match_primary(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bad55)
#23 0x1001baffb in match_level_1(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001baffb)
#24 0x1001bb38c in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bb38c)
#25 0x1001bbbb4 in match_add_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bbbb4)
#26 0x1001bc5a4 in match_level_2(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bc5a4)
#27 0x1001bcad4 in match_level_3(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bcad4)
#28 0x1001bcf3e in match_level_4(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bcf3e)
#29 0x1001bde65 in match_and_operand(gfc_expr**)
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1001bde65)
SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin16.4.0/7.0.1/f951+0x1003096ae)
in check_host_association(gfc_expr*)
==67652==ABORTING
f951: internal compiler error: Abort trap: 6
gfcg: internal compiler error: Abort trap: 6 (program f951)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
r245382 is OK. Note that the test expects the -fimplicit-none option. Do you
see the valgrind error with this option?