This is the mail archive of the fortran@gcc.gnu.org mailing list for the GNU Fortran project.



[patch, libfortran] Fix PR 32217, crash on unpack of zero-sized array


:ADDPATCH fortran:

Hello world,

having returned from my holidays, here's a small patch that fixes PR
32217.  The problem here was that the data pointer for a zero-sized
array was dereferenced inside the library, which caused a segfault.

Regression-tested on i686-pc-linux-gnu.  Also regression-tested on PPC
with Darwin 7 by Dominique, as noted in the PR.

OK for trunk?

	Thomas

2007-07-08  Thomas Koenig  <tkoenig@gcc.gnu.org>

	PR libfortran/32217
	* intrinsics/unpack_generic.c:  If the destination array is 
	empty, return early.

2007-07-08  Thomas Koenig  <tkoenig@gcc.gnu.org>

	PR libfortran/32217
	* gfortran.dg/unpack_zerosize_1.f90:  New test case.
Index: intrinsics/unpack_generic.c
===================================================================
--- intrinsics/unpack_generic.c	(revision 124572)
+++ intrinsics/unpack_generic.c	(working copy)
@@ -61,6 +61,9 @@ unpack_internal (gfc_array_char *ret, co
   index_type n;
   index_type dim;
 
+  int empty;
+
+  empty = 0;
   if (ret->data == NULL)
     {
       /* The front end has signalled that we need to populate the
@@ -74,6 +77,7 @@ unpack_internal (gfc_array_char *ret, co
 	  ret->dim[n].lbound = 0;
 	  ret->dim[n].ubound = mask->dim[n].ubound - mask->dim[n].lbound;
 	  extent[n] = ret->dim[n].ubound + 1;
+	  empty = empty || extent[n] <= 0;
 	  rstride[n] = ret->dim[n].stride * size;
 	  fstride[n] = field->dim[n].stride * fsize;
 	  mstride[n] = mask->dim[n].stride;
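Review bot: The added `empty = empty || extent[n] <= 0;` treats a negative extent as empty but leaves `extent[n]` itself negative, both here and in the identical line added in the next hunk (the else branch). The rest of this loop and the code after it are outside the hunk; if that code multiplies the extents into the size used to allocate `ret->data`, a negative value would reach the size computation before the early return is taken, so that path should be checked. Clamping right after the check, `if (extent[n] < 0) extent[n] = 0;`, would keep any later size arithmetic non-negative.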
@@ -89,6 +93,7 @@ unpack_internal (gfc_array_char *ret, co
 	{
 	  count[n] = 0;
 	  extent[n] = ret->dim[n].ubound + 1 - ret->dim[n].lbound;
+	  empty = empty || extent[n] <= 0;
 	  rstride[n] = ret->dim[n].stride * size;
 	  fstride[n] = field->dim[n].stride * fsize;
 	  mstride[n] = mask->dim[n].stride;
@@ -96,6 +101,10 @@ unpack_internal (gfc_array_char *ret, co
       if (rstride[0] == 0)
 	rstride[0] = size;
     }
+
+  if (empty)
+    return;
+
   if (fstride[0] == 0)
     fstride[0] = fsize;
   if (mstride[0] == 0)
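Review bot: The early `if (empty) return;` has no comment explaining why it is safe to leave before the stride fix-ups and the copy loop. I would put `/* Zero-sized result: nothing to store, and ret->data must not be dereferenced.  */` directly above it, so a later refactor does not move a pointer access ahead of the guard. It cannot be told from here whether the new test reaches the `ret->data == NULL` branch, the else branch, or both; a second case that forces the other branch would pin the fix on both paths. unpack_internal continues outside the hunk.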
! { dg-do run }
! PR 32217 - unpack used to crash at runtime with a zero-sized
!            array.  Test case submitted by Jaroslav Hajek.
! Reproducer: calls UNPACK with a zero-sized vector, mask and result.
! The program prints nothing; it passes by running to completion.
program bug_report
  implicit none
  ! rp is the kind of the double precision literal 1.d0; na is fixed at 6.
  integer,parameter:: rp = kind(1.d0),na = 6
  real(rp),allocatable:: hhe(:,:,:),hhc(:,:,:),dv(:)
  integer:: nhh,ndv
  ! A first extent of zero makes hhe (and later hhc) zero-sized.
  nhh = 0
  allocate(hhe(nhh,2,2))
  ! hhe has no elements, so count() is 0 and ndv is 2*na = 12.
  ndv = 2*na + count(hhe /= 0)
  allocate(hhc(nhh,2,2),dv(ndv))
  ! dv(2*na+1:) starts past the last element of dv, so the vector section
  ! is zero-sized too; the mask hhe /= 0._rp has the zero-sized shape of hhe.
  ! This is the UNPACK call the PR 32217 header comment refers to.
  hhc = unpack(dv(2*na+1:),hhe /= 0._rp,0._rp)
end program bug_report
