https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79524
Vittorio Zecca <zeccav at gmail dot com> changed:
What | Removed | Added
-----|---------|------------------------
CC   |         | zeccav at gmail dot com
--- Comment #9 from Vittorio Zecca <zeccav at gmail dot com> ---
On the sanitized current trunk; note that I have line numbers.
~/local/gcc-150221-sanitized/bin/gfortran ~/gcc-150221/gcc/testsuite/gfortran.dg/fimplicit_none_2.f90 -S
/home/vitti/gcc-150221/gcc/testsuite/gfortran.dg/fimplicit_none_2.f90:5:34:

    5 | character(*), parameter :: z(2) = [character(n) :: 'x', 'y'] ! { dg-error "Scalar INTEGER expression expected" }
      |                                   1
Error: Cannot initialize parameter array at (1) with variable length elements
=================================================================
==130180==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000001628 at pc 0x0000008c1918 bp 0x7ffceba92260 sp 0x7ffceba92258
READ of size 8 at 0x604000001628 thread T0
    #0 0x8c1917 in gfc_resolve_expr(gfc_expr*) ../../gcc-150221/gcc/fortran/resolve.c:7079
    #1 0x91d45b in resolve_charlen ../../gcc-150221/gcc/fortran/resolve.c:12436
    #2 0x96f604 in resolve_types ../../gcc-150221/gcc/fortran/resolve.c:17294
    #3 0x970adf in gfc_resolve(gfc_namespace*) ../../gcc-150221/gcc/fortran/resolve.c:17411
    #4 0x81fc90 in resolve_all_program_units ../../gcc-150221/gcc/fortran/parse.c:6290
    #5 0x82229f in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6542
    #6 0xa64b7c in gfc_be_parse_file ../../gcc-150221/gcc/fortran/f95-lang.c:212
    #7 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
    #8 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #9 0x340a39f in toplev::main(int, char**) ../../gcc-150221/gcc/toplev.c:2336
    #10 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
    #11 0x152cd7c9a1e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
    #12 0x41958d in _start (/home/vitti/1TB/local/gcc-150221-sanitized/libexec/gcc/x86_64-pc-linux-gnu/11.0.0/f951+0x41958d)

0x604000001628 is located 24 bytes inside of 48-byte region [0x604000001610,0x604000001640)
freed by thread T0 here:
    #0 0x152cd8bec797 in __interceptor_free ../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0xa1cd6f in gfc_delete_symtree(gfc_symtree**, char const*) ../../gcc-150221/gcc/fortran/symbol.c:2964
    #2 0xa25801 in gfc_restore_last_undo_checkpoint() ../../gcc-150221/gcc/fortran/symbol.c:3706
    #3 0xa25a5f in gfc_undo_symbols() ../../gcc-150221/gcc/fortran/symbol.c:3739
    #4 0x80175f in reject_statement ../../gcc-150221/gcc/fortran/parse.c:2678
    #5 0x7f2bb0 in match_word ../../gcc-150221/gcc/fortran/parse.c:70
    #6 0x7f445d in decode_statement ../../gcc-150221/gcc/fortran/parse.c:376
    #7 0x7fd6c8 in next_free ../../gcc-150221/gcc/fortran/parse.c:1316
    #8 0x7fe845 in next_statement ../../gcc-150221/gcc/fortran/parse.c:1548
    #9 0x80bfe5 in parse_spec ../../gcc-150221/gcc/fortran/parse.c:3783
    #10 0x81bef7 in parse_progunit ../../gcc-150221/gcc/fortran/parse.c:5896
    #11 0x821732 in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6437
    #12 0xa64b7c in gfc_be_parse_file ../../gcc-150221/gcc/fortran/f95-lang.c:212
    #13 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
    #14 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #15 0x340a39f in toplev::main(int, char**) ../../gcc-150221/gcc/toplev.c:2336
    #16 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
    #17 0x152cd7c9a1e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)

previously allocated by thread T0 here:
    #0 0x152cd8becc47 in __interceptor_calloc ../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x83c3e31 in xcalloc ../../gcc-150221/libiberty/xmalloc.c:162
    #2 0xa1cade in gfc_new_symtree(gfc_symtree**, char const*) ../../gcc-150221/gcc/fortran/symbol.c:2934
    #3 0xa20eed in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) ../../gcc-150221/gcc/fortran/symbol.c:3384
    #4 0xa21e11 in gfc_get_ha_sym_tree(char const*, gfc_symtree**) ../../gcc-150221/gcc/fortran/symbol.c:3469
    #5 0x846df0 in gfc_match_rvalue(gfc_expr**) ../../gcc-150221/gcc/fortran/primary.c:3512
    #6 0x7191c4 in match_primary ../../gcc-150221/gcc/fortran/matchexp.c:157
    #7 0x7194a7 in match_level_1 ../../gcc-150221/gcc/fortran/matchexp.c:211
    #8 0x719832 in match_mult_operand ../../gcc-150221/gcc/fortran/matchexp.c:267
    #9 0x71a031 in match_add_operand ../../gcc-150221/gcc/fortran/matchexp.c:356
    #10 0x71a9bd in match_level_2 ../../gcc-150221/gcc/fortran/matchexp.c:480
    #11 0x71af3e in match_level_3 ../../gcc-150221/gcc/fortran/matchexp.c:551
    #12 0x71b368 in match_level_4 ../../gcc-150221/gcc/fortran/matchexp.c:599
    #13 0x71c2f7 in match_and_operand ../../gcc-150221/gcc/fortran/matchexp.c:693
    #14 0x71c5b1 in match_or_operand ../../gcc-150221/gcc/fortran/matchexp.c:722
    #15 0x71c9c2 in match_equiv_operand ../../gcc-150221/gcc/fortran/matchexp.c:765
    #16 0x71cdd3 in match_level_5 ../../gcc-150221/gcc/fortran/matchexp.c:811
    #17 0x71d283 in gfc_match_expr(gfc_expr**) ../../gcc-150221/gcc/fortran/matchexp.c:870
    #18 0x4f8e6b in char_len_param_value ../../gcc-150221/gcc/fortran/decl.c:1072
    #19 0x515d15 in gfc_match_char_spec(gfc_typespec*) ../../gcc-150221/gcc/fortran/decl.c:3431
    #20 0x6e814b in gfc_match_type_spec(gfc_typespec*) ../../gcc-150221/gcc/fortran/match.c:2169
    #21 0x43f26c in gfc_match_array_constructor(gfc_expr**) ../../gcc-150221/gcc/fortran/array.c:1242
    #22 0x7191a7 in match_primary ../../gcc-150221/gcc/fortran/matchexp.c:153
    #23 0x7194a7 in match_level_1 ../../gcc-150221/gcc/fortran/matchexp.c:211
    #24 0x719832 in match_mult_operand ../../gcc-150221/gcc/fortran/matchexp.c:267
    #25 0x71a031 in match_add_operand ../../gcc-150221/gcc/fortran/matchexp.c:356
    #26 0x71a9bd in match_level_2 ../../gcc-150221/gcc/fortran/matchexp.c:480
    #27 0x71af3e in match_level_3 ../../gcc-150221/gcc/fortran/matchexp.c:551
    #28 0x71b368 in match_level_4 ../../gcc-150221/gcc/fortran/matchexp.c:599
    #29 0x71c2f7 in match_and_operand ../../gcc-150221/gcc/fortran/matchexp.c:693

SUMMARY: AddressSanitizer: heap-use-after-free ../../gcc-150221/gcc/fortran/resolve.c:7079 in gfc_resolve_expr(gfc_expr*)
Shadow bytes around the buggy address:
0x0c087fff8270: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8280: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fd
0x0c087fff8290: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff82a0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x0c087fff82b0: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fd
=>0x0c087fff82c0: fa fa fd fd fd[fd]fd fd fa fa 00 00 00 00 00 00
0x0c087fff82d0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff82e0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff82f0: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fd
0x0c087fff8300: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff8310: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==130180==ABORTING
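As an added example (not part of the bug report or of GCC), the following Python decodes the shadow-byte dump above using the x86_64 ASan mapping shadow = (addr >> 3) + 0x7fff8000, to confirm that the bracketed granule is the faulting address 0x604000001628 and that the surrounding run of 0xfd bytes is exactly the 48-byte freed region the report names. The three dump rows are copied from the report; the function names are my own.

```python
import re

# x86_64 AddressSanitizer shadow mapping: shadow = (addr >> 3) + 0x7fff8000,
# one shadow byte per 8-byte granule of application memory.
SHADOW_OFFSET = 0x7FFF8000
GRANULE = 8
FREED = 0xFD  # legend: "Freed heap region: fd"

# Constructed copy of three rows from the report's "Shadow bytes" dump;
# "=>" marks the row and [..] the granule holding the faulting address.
SHADOW_DUMP = """\
  0x0c087fff82b0: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fd
=>0x0c087fff82c0: fa fa fd fd fd[fd]fd fd fa fa 00 00 00 00 00 00
  0x0c087fff82d0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
"""

def parse_shadow(dump):
    """Return ({shadow_address: shadow_byte}, shadow address of the [..] granule)."""
    cells, marked = {}, None
    for line in dump.splitlines():
        m = re.match(r"\s*(?:=>)?\s*0x([0-9a-f]+):\s*(.*)$", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(re.findall(r"\[?[0-9a-f]{2}\]?", m.group(2))):
            if tok.startswith("["):
                marked = base + i
            cells[base + i] = int(tok.strip("[]"), 16)
    return cells, marked

def shadow_to_app(shadow_addr):
    """First application byte covered by this shadow byte (granule-aligned)."""
    return (shadow_addr - SHADOW_OFFSET) * GRANULE

def freed_region(cells, shadow_addr):
    """Extend over the contiguous run of 0xfd bytes around shadow_addr; return [start, end)."""
    lo = hi = shadow_addr
    while cells.get(lo - 1) == FREED:
        lo -= 1
    while cells.get(hi + 1) == FREED:
        hi += 1
    return shadow_to_app(lo), shadow_to_app(hi + 1)

def explain(dump):
    """Rebuild the 'is located N bytes inside of M-byte region' facts from the shadow map alone."""
    cells, marked = parse_shadow(dump)
    addr = shadow_to_app(marked)
    start, end = freed_region(cells, marked)
    return {"address": addr, "offset": addr - start, "size": end - start, "region": (start, end)}
```

explain(SHADOW_DUMP) yields address 0x604000001628, offset 24 and size 48, matching the report's "located 24 bytes inside of 48-byte region" line; since a shadow byte covers 8 bytes, an unaligned access would only be resolvable to its granule.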