This is the mail archive of the fortran@gcc.gnu.org mailing list for the GNU Fortran project.
[Patch, Fortran] PR35093 fix ICE with gfortran.dg/data_constraints_1.f90
- From: Tobias Burnus <burnus at net-b dot de>
- To: "'fortran at gcc dot gnu dot org'" <fortran at gcc dot gnu dot org>, gcc-patches <gcc-patches at gcc dot gnu dot org>
- Date: Tue, 05 Feb 2008 19:29:36 +0100
- Subject: [Patch, Fortran] PR35093 fix ICE with gfortran.dg/data_constraints_1.f90
gfortran was freeing (mpz_clear()ing) the variable "size" twice in

  mpz_t size;
  if (spec_size (ref->u.ar.as, &size) == SUCCESS
      && mpz_cmp (offset, size) >= 0)
    {
      mpz_clear (size);
      gfc_error ("Data element above array upper bound at %L",
                 &lvalue->where);
      return FAILURE;
    }
  mpz_clear (size);

The problem is that for "spec_size == FAILED" the variable is already
cleared. At least with glibc's memory checking turned on, this causes
gfortran to crash for gfortran.dg/data_constraints_1.f90. The solution
is simple: Only clear "size" if spec_size returned SUCCESS. (The code
above has been introduced in the fix for 32315, which makes it a
regression.)
It is unclear to me whether it can also crash for valid code or only for
invalid code.
Built and regtested on x86-64-linux.
OK for the trunk (4.3.0)?
Tobias
PS: As the patch for PR 33553 has been approved, there are no unapproved
P1 regressions left, which means that GCC will have the RC1 freeze soon;
soon after we are expected to see the RC1 together with a 4.4.0 trunk.

2008-02-05  Tobias Burnus  <burnus@net-b.de>

        PR fortran/35093
        * data.c (gfc_assign_data_value): Only free "size" if
        it has not already been freed.

Index: gcc/fortran/data.c
===================================================================
--- gcc/fortran/data.c (Revision 132124)
+++ gcc/fortran/data.c (Arbeitskopie)
@@ -321,15 +321,17 @@ gfc_assign_data_value (gfc_expr *lvalue,
else
{
mpz_t size;
- if (spec_size (ref->u.ar.as, &size) == SUCCESS
- && mpz_cmp (offset, size) >= 0)
+ if (spec_size (ref->u.ar.as, &size) == SUCCESS)
{
+ if (mpz_cmp (offset, size) >= 0)
+ {
+ mpz_clear (size);
+ gfc_error ("Data element above array upper bound at %L",
+ &lvalue->where);
+ return FAILURE;
+ }
mpz_clear (size);
- gfc_error ("Data element above array upper bound at %L",
- &lvalue->where);
- return FAILURE;
}
- mpz_clear (size);
}
/* Splay tree containing offset and gfc_constructor. */
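
Review bot: In the new `if (spec_size (ref->u.ar.as, &size) == SUCCESS)` block, `mpz_clear (size)` still appears twice, once on the error path before `return FAILURE` and once on the fall-through path, so any later edit has to keep both copies in step. Consider taking the comparison result first, for example `int cmp = mpz_cmp (offset, size); mpz_clear (size);`, and then testing `if (cmp >= 0)`, so that size is released in exactly one place. A short comment above the `if` saying that size must not be cleared when spec_size does not return SUCCESS would also help, because the fix depends on that contract and nothing in the hunk states it.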