This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug fortran/52622] ICE in gfortran 4.6.3, x86_64


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52622

--- Comment #12 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
An instrumented compiler gives:

pr52622_red.f90:30:35:

   type, bind(c) :: Args_Basic_epv_t
                                   1
Warning: Derived type 'args_basic_epv_t' with BIND(C) attribute at (1) is
empty, and may be inaccessible by the C companion processor
pr52622_red.f90:98:2:

   function passeverywherefcomplex_impl(self, c1, c2, c3, exception) result(   
&
  1
Error: Unclassifiable statement at (1)
=================================================================
==2028==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200008091a
at pc 0x0001002ff02e bp 0x7fff5fbfe920 sp 0x7fff5fbfe918
READ of size 1 at 0x61200008091a thread T0
    #0 0x1002ff02d in resolve_symbol(gfc_symbol*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002ff02d)
    #1 0x10039b1b8 in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*))
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10039b1b8)
    #2 0x1003b3773 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3773)
    #3 0x100345c3a in resolve_types(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100345c3a)
    #4 0x100345d66 in resolve_types(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100345d66)
    #5 0x1002f42cf in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002f42cf)
    #6 0x10029a2bf in gfc_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a2bf)
    #7 0x1003f14f2 in gfc_be_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003f14f2)
    #8 0x1045a4bac in compile_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045a4bac)
    #9 0x1045ad7fe in do_compile()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe)
    #10 0x10651f30d in toplev::main(int, char**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d)
    #11 0x1065249ce in main
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce)
    #12 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

0x61200008091a is located 90 bytes inside of 320-byte region
[0x6120000808c0,0x612000080a00)
freed by thread T0 here:
    #0 0x152cd4120 in wrap_free.part.0
(/opt/gcc/gcc8w/lib/libasan.4.dylib+0x67120)
    #1 0x1003b3068 in gfc_free_symbol(gfc_symbol*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3068)
    #2 0x1003b3519 in gfc_release_symbol(gfc_symbol*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3519)
    #3 0x1003bf7ed in gfc_restore_last_undo_checkpoint()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003bf7ed)
    #4 0x1003bfea3 in gfc_undo_symbols()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003bfea3)
    #5 0x10027e8e5 in reject_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10027e8e5)
    #6 0x100289e9c in decode_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100289e9c)
    #7 0x10028c1dc in next_free()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028c1dc)
    #8 0x10028caa6 in next_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028caa6)
    #9 0x1002991ab in parse_contained(int)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002991ab)
    #10 0x1002996e4 in parse_module()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002996e4)
    #11 0x10029a4e1 in gfc_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a4e1)
    #12 0x1003f14f2 in gfc_be_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003f14f2)
    #13 0x1045a4bac in compile_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045a4bac)
    #14 0x1045ad7fe in do_compile()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe)
    #15 0x10651f30d in toplev::main(int, char**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d)
    #16 0x1065249ce in main
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce)
    #17 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

previously allocated by thread T0 here:
    #0 0x152cd376c in wrap_calloc (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x6676c)
    #1 0x106366bd9 in xcalloc
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x106366bd9)
    #2 0x1003aafd8 in gfc_new_symbol(char const*, gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003aafd8)
    #3 0x1003ad6ea in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003ad6ea)
    #4 0x1003ae8c5 in gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003ae8c5)
    #5 0x1000888e9 in gfc_match_formal_arglist(gfc_symbol*, int, int)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1000888e9)
    #6 0x100099ced in gfc_match_function_decl()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100099ced)
    #7 0x100289afc in decode_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100289afc)
    #8 0x10028c1dc in next_free()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028c1dc)
    #9 0x10028caa6 in next_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028caa6)
    #10 0x1002991ab in parse_contained(int)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002991ab)
    #11 0x1002996e4 in parse_module()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002996e4)
    #12 0x10029a4e1 in gfc_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a4e1)
    #15 0x1045ad7fe in do_compile()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe)
    #16 0x10651f30d in toplev::main(int, char**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d)
    #17 0x1065249ce in main
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce)
    #18 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234)

SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002ff02d)
in resolve_symbol(gfc_symbol*)
Shadow bytes around the buggy address:
  0x1c24000100d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c24000100e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c24000100f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2400010100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2400010110: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x1c2400010120: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2400010130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2400010140: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c2400010150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2400010160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2400010170: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2028==ABORTING
f951: internal compiler error: Abort trap: 6
