This is the mail archive of the fortran@gcc.gnu.org mailing list for the GNU Fortran project.



[Patch, Fortran] PR35093 fix ICE with gfortran.dg/data_constraints_1.f90


gfortran was freeing (mpz_clear()ing) the variable "size" twice in

             mpz_t size;
             if (spec_size (ref->u.ar.as, &size) == SUCCESS
                  && mpz_cmp (offset, size) >= 0)
               {
                 mpz_clear (size);
                 gfc_error ("Data element above array upper bound at %L",
                            &lvalue->where);
                 return FAILURE;
               }
             mpz_clear (size);


The problem is that when spec_size returns FAILURE the variable has already been cleared, so the trailing mpz_clear frees it a second time. At least with glibc's memory checking turned on, this causes gfortran to crash for gfortran.dg/data_constraints_1.f90. The solution is simple: only clear "size" if spec_size returned SUCCESS. (The code above was introduced in the fix for PR 32315, which makes this a regression.)
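The ownership rule behind the bug, as an added example that is not gfortran's code: num_t stands in for mpz_t, num_clear for mpz_clear, and spec_size_like for spec_size, with the assumption (for this example only) that a negative declared bound is the FAILURE case and that, as the mail describes, the output has already been cleared when FAILURE is returned. The two callers mirror the pre-patch and post-patch shape of the check, and a counter records clears that hit an already-cleared value instead of letting them reach free().

```c
/* Added example, not gfortran's code: models the mpz_t ownership contract
   behind PR35093 with a heap-backed stand-in so a second clear would be a
   genuine double free if it were not intercepted and counted. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
  int *limb;   /* heap allocation, as mpz_t's limb array is */
  bool live;   /* true between init and clear */
} num_t;

/* Counts clears of an already-cleared value; 0 is the only correct result. */
static int double_clears;

static void num_init (num_t *n, int value)
{
  n->limb = malloc (sizeof *n->limb);
  *n->limb = value;
  n->live = true;
}

static void num_clear (num_t *n)
{
  if (!n->live)
    {
      /* mpz_clear would hand a freed pointer to free() here; we only count it. */
      double_clears++;
      return;
    }
  free (n->limb);
  n->limb = NULL;
  n->live = false;
}

/* Stand-in for spec_size.  Assumption for this example: a negative declared
   bound is the FAILURE case.  On FAILURE the output has already been cleared
   by the time the caller looks at the return value. */
static bool spec_size_like (int declared_bound, num_t *out)
{
  num_init (out, declared_bound);
  if (declared_bound < 0)
    {
      num_clear (out);
      return false;
    }
  return true;
}

/* Pre-patch shape: the trailing clear runs even when spec_size_like already
   cleared "size".  Returns -1 for "above upper bound", otherwise 0. */
static int check_bound_buggy (int declared_bound, int offset)
{
  num_t size;
  if (spec_size_like (declared_bound, &size) && offset >= *size.limb)
    {
      num_clear (&size);
      return -1;
    }
  num_clear (&size);   /* second clear on the FAILURE path */
  return 0;
}

/* Post-patch shape: the caller owns "size" only inside the SUCCESS branch,
   so that branch is the only place it is cleared. */
static int check_bound_fixed (int declared_bound, int offset)
{
  num_t size;
  if (spec_size_like (declared_bound, &size))
    {
      if (offset >= *size.limb)
        {
          num_clear (&size);
          return -1;
        }
      num_clear (&size);
    }
  return 0;
}

/* Runs one caller on one input and reports how many clears hit an
   already-cleared value. */
static int double_clears_for (int (*check) (int, int), int bound, int offset)
{
  double_clears = 0;
  check (bound, offset);
  return double_clears;
}

int main (void)
{
  printf ("buggy, spec_size FAILURE: %d double clear(s)\n",
          double_clears_for (check_bound_buggy, -1, 0));
  printf ("fixed, spec_size FAILURE: %d double clear(s)\n",
          double_clears_for (check_bound_fixed, -1, 0));
  printf ("fixed, offset 10 vs bound 10: %d\n", check_bound_fixed (10, 10));
  return 0;
}
```

The short-circuit `&&` in the buggy caller is what keeps the FAILURE path from reading the cleared value, which is why the original code only misbehaves at the unconditional clear after the `if`, and why a memory checker is needed to see it: nothing is read, a freed block is simply freed again.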


It is unclear to me whether it can also crash for valid code or only for invalid code.

Built and regtested on x86-64-linux.
OK for the trunk (4.3.0)?

Tobias

PS: As the patch for PR 33553 has been approved, there are no unapproved P1 regressions left, which means that GCC will have the RC1 freeze soon; soon after we are expected to see the RC1 together with a 4.4.0 trunk.

2008-02-05  Tobias Burnus  <burnus@net-b.de>

	PR fortran/35093
	* data.c (gfc_assign_data_value): Only free "size" if
	it has not already been freed.

Index: gcc/fortran/data.c
===================================================================
--- gcc/fortran/data.c	(Revision 132124)
+++ gcc/fortran/data.c	(Arbeitskopie)
@@ -321,15 +321,17 @@ gfc_assign_data_value (gfc_expr *lvalue,
 	  else
 	    {
 	      mpz_t size;
-	      if (spec_size (ref->u.ar.as, &size) == SUCCESS
-		   && mpz_cmp (offset, size) >= 0)
+	      if (spec_size (ref->u.ar.as, &size) == SUCCESS)
 		{
+		  if (mpz_cmp (offset, size) >= 0)
+		  {
+		    mpz_clear (size);
+		    gfc_error ("Data element above array upper bound at %L",
+			       &lvalue->where);
+		    return FAILURE;
+		  }
 		  mpz_clear (size);
-		  gfc_error ("Data element above array upper bound at %L",
-			     &lvalue->where);
-		  return FAILURE;
 		}
-	      mpz_clear (size);
 	    }
 
 	  /* Splay tree containing offset and gfc_constructor.  */
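Review bot: the braces of the new inner block (`+		  {` and `+		  }`) sit in the same column as `if (mpz_cmp (offset, size) >= 0)`, whereas the outer `{` below `if (spec_size (ref->u.ar.as, &size) == SUCCESS)` is indented two columns past its `if` as the rest of the file is; the inner pair should move right by two. A one-line comment above the nested `mpz_clear (size)` saying that `size` is only initialised on SUCCESS would also keep a later cleanup from hoisting the clear back out of the branch, which is exactly the double clear this hunk removes. Since both paths now call `mpz_clear (size)`, a smaller variant is to store `mpz_cmp (offset, size) >= 0` in a local, clear once, and then emit `gfc_error` and `return FAILURE` on that local.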
