Bug 25142 - Segfault in unformatted_write for large records
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: libfortran
Version: 4.0.2
Importance: P3 normal
Target Milestone: 4.1.0
Assignee: Not yet assigned to anyone
Reported: 2005-11-28 17:43 UTC by Iwan Kawrakow
Modified: 2005-11-28 17:52 UTC
Host: x86_64-unknown-linux-gnu
Target: x86_64-unknown-linux-gnu
Build: x86_64-unknown-linux-gnu

Description Iwan Kawrakow 2005-11-28 17:43:43 UTC
I get a segmentation fault when trying to execute the 
following simple program:
>cat junk2.f
      program junk
      character*28000 s
      do i=1,28000
        s(i:i) = 'a'
      end do
      open(3,file='junk_file',form='unformatted',access='direct',
     &     recl=28000)
      write(3,rec=1) s
      end
>gfortran junk2.f
>./a.out
Segmentation fault

I think the problem can be traced back to mmap_alloc(), 
where the size of the allocated memory is calculated as 

length = ((where - offset) & page_mask) + 2 * page_size;

and turns out to be 8192 bytes on my system, with no checks 
being made to see if this is large enough for the actual 
data size. The subsequent memcpy in unformatted_write leads 
to segmentation fault. 

The fix is trivial (allocate enough memory in mmap_alloc), 
unless there are considerations concerning the maximum 
memory use of the runtime library.
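
The sizing problem described in this report, as an added C example that is not part of the report and is not libgfortran code. It assumes page_mask = page_size - 1 (consistent with the 8192 bytes reported) and that where and offset are the file position and the window base; the function names are hypothetical.

```c
/* Added example; only the quoted length formula comes from the report. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Window size as quoted in the report. Assumption: page_mask is
   page_size - 1 and page_size is a power of two. */
static size_t window_len_reported(uint64_t where, uint64_t offset, size_t page_size)
{
    size_t page_mask = page_size - 1;
    return (size_t)((where - offset) & page_mask) + 2 * page_size;
}

/* Checked variant: size the window from the request itself.
   Returns 0 on success, -1 if the arithmetic would overflow. */
static int window_len_checked(uint64_t where, uint64_t offset, size_t request,
                              size_t page_size, size_t *length)
{
    size_t page_mask = page_size - 1;
    size_t in_page = (size_t)((where - offset) & page_mask);

    if (request > SIZE_MAX - in_page - page_mask)
        return -1;
    /* Round (in_page + request) up to a whole number of pages. */
    *length = (in_page + request + page_mask) & ~page_mask;
    return 0;
}

/* The check the report says is missing: does the record fit in the window? */
static int record_fits(size_t length, uint64_t where, uint64_t offset,
                       size_t request, size_t page_size)
{
    size_t in_page = (size_t)((where - offset) & (page_size - 1));
    return in_page <= length && request <= length - in_page;
}

int main(void)
{
    const size_t page = 4096, recl = 28000;   /* recl from junk2.f */
    size_t fixed = window_len_reported(0, 0, page), sized = 0;

    printf("reported formula: %zu bytes, fits=%d\n", fixed,
           record_fits(fixed, 0, 0, recl, page));
    if (window_len_checked(0, 0, recl, page, &sized) == 0)
        printf("checked formula:  %zu bytes, fits=%d\n", sized,
               record_fits(sized, 0, 0, recl, page));
    return 0;
}
```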
Comment 1 Andrew Pinski 2005-11-28 17:52:35 UTC
This is fixed in 4.1.0 by removing the mmap code.