Bug 27588

Summary: -fbounds-check should catch substring out of range accesses
Product: gcc Reporter: tobias.burnus
Component: fortranAssignee: Tobias Burnus <burnus>
Status: RESOLVED FIXED    
Severity: enhancement CC: fxcoudert, gcc-bugs
Priority: P3    
Version: 4.2.0   
Target Milestone: ---   
Host: Target:
Build: Known to work:
Known to fail: Last reconfirmed: 2006-06-08 09:01:54
Bug Depends on:    
Bug Blocks: 27766    

Description tobias.burnus 2006-05-13 14:07:21 UTC 
Taken from http://www.polyhedron.com/pb05/linux/diagnose.html
------<CBND1.F>-------
! character bound error - local variable
      program cbnd1
      character*10 zz
      i = 2
      j = i+9
      zz(i:j) = 'abcdef'
      print * , zz
      end
----------------------
gfortran-4.2 -Wall -pedantic -fbounds-check CBND1.F
./a.out
 ^Aabcdef

Expected: Issue a run-time error message.

Examples of other compilers:

ifort64-9.1 -C -check all -warn all,nodec,interfaces -gen_interfaces -traceback -fpe0 -fpstkchk CBND1.F
./a.out
forrtl: severe (408): fort: (4): Variable ZZ has substring ending point 11 which is greater than the variable length of 10


g95 -Wall -pedantic -fbounds-check -ftrace=full CBND1.F
./a.out
At line 6 of file CBND1.F
Traceback: (Innermost first)
Fortran runtime error: Substring reference out of bounds: (2:11) in string of length 10

NAG: f95 -C=all -C=undefined -info -g -gline CBND1.F
Out of range: substring ending position 11 is greater than length 10
Program terminated by fatal error
In CBND1, line 6 of CBND1.F


The following is even detected at compile time by the intel and NAGf95 compilers (gfortran does not detect it at compile or runtime):
--------<CBND3.F>--------------
! Check character bound error - assign to dummy argument which is larger than actual arg
      program cbnd3
      character*10 zz,zzz
      common /aaa/zz,zzz
      zz = '0000000000'
      zzz = '1111111111'

      call sub(zz)
      print * , zzz
      end
      subroutine sub(zz)
      character*11 zz
      zz = 'abcdef'
      print * , zz
      end
---------------------------
Comment 1 Paul Thomas 2006-06-05 21:01:02 UTC 
Tobias,

You are right, we do not check character lengths in assignment, yet.  It is another PR but I just do not recall which, right now. You are correct, that this should be included in bounds checking.  The standard demands that the length of the rhs, in total, should not exceed that of the lhs.

Thank you for the report.

Paul
Comment 2 Francois-Xavier Coudert 2006-06-08 09:01:54 UTC 
I'm writing a patch to add substring bounds checking. I hope to post it in the next few days.
Comment 3 tobias.burnus 2006-10-02 15:15:40 UTC 
> From Francois-Xavier Coudert 2006-06-08
I'm writing a patch to add substring bounds checking. I hope to post it in the
next few days.

What is the status? If you have something, I'd save my time of looking at trans-expr.c's gfc_conv_substring and trying to understand how to add it there.

Looking at http://www.polyhedron.com/pb05/linux/diagnose.html, this seems to be the last area where gfortran is worse than all others.
Comment 4 Francois-Xavier.Coudert@ens.fr 2006-10-02 15:32:42 UTC 
Subject: Re:  -fbounds-check should catch substring out of range accesses

> I'm writing a patch to add substring bounds checking. I hope to post it in the
> next few days.

Great!

> What is the status? If you have something, I'd save my time of looking
> at trans-expr.c's gfc_conv_substring and trying to understand how to
> add it there.

The status is: "I had the beginning of a patch, but it didn't work fully,
and I think it didn't survive summer cleaning of my account". But, I'll
be happy to answer any question you have, and review your patch.
Comment 5 patchapp@dberlin.org 2006-10-05 08:07:55 UTC 
Subject: Bug number PR27588

A patch for this bug has been added to the patch tracker.
The mailing list url for the patch is http://gcc.gnu.org/ml/gcc-patches/2006-10/msg00234.html
Comment 6 Tobias Burnus 2006-11-10 20:46:26 UTC 
The latest patch is at:
http://gcc.gnu.org/ml/gcc-patches/2006-10/msg01030.html

Problems:
- variable name missing
- line number is off-by-one
Comment 7 Tobias Burnus 2006-11-10 22:41:28 UTC 
Mine.
Comment 8 patchapp@dberlin.org 2006-11-11 01:25:44 UTC 
Subject: Bug number PR27588

A patch for this bug has been added to the patch tracker.
The mailing list url for the patch is http://gcc.gnu.org/ml/gcc-patches/2006-11/msg00694.html
Comment 9 Tobias Burnus 2006-11-15 10:13:29 UTC 
Subject: Bug 27588

Author: burnus
Date: Wed Nov 15 10:13:16 2006
New Revision: 118852

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=118852
Log:
fortran/
2006-11-15  Tobias Burnus  <burnus@net-b.de>
            Francois-Xavier Coudert  <fxcoudert@gcc.gnu.org>

       PR fortran/27588
       * trans-expr.c (gfc_conv_substring): Add bounds checking.
         (gfc_conv_variable, gfc_conv_substring_expr): Pass more
         arguments to gfc_conv_substring.

testsuite/
2006-11-15  Tobias Burnus  <burnus@net-b.de>

       PR fortran/27588
       * gfortran.dg/char_bounds_check_fail_1.f90: New test.


Modified:
    trunk/gcc/fortran/ChangeLog
    trunk/gcc/fortran/trans-expr.c
    trunk/gcc/testsuite/ChangeLog
Comment 10 Tobias Burnus 2006-11-15 10:16:22 UTC 
Fixed in 4.3 == trunk.
Comment 11 Tobias Burnus 2007-01-31 10:24:16 UTC 
Subject: Bug 27588

Author: burnus
Date: Wed Jan 31 10:23:53 2007
New Revision: 121401

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=121401
Log:
(This part was missing in the r118852 / Wed Nov 15 10:13:16 2006 check in)

2007-01-31  Tobias Burnus  <burnus@net-b.de>

        PR fortran/27588
        * gfortran.dg/char_bounds_check_fail_1.f90: Add test.


Added:
    trunk/gcc/testsuite/gfortran.dg/char_bounds_check_fail_1.f90
Modified:
    trunk/gcc/testsuite/ChangeLog