This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug fortran/67588] New: module.c heap use after free
- From: "zeccav at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 15 Sep 2015 13:34:59 +0000
- Subject: [Bug fortran/67588] New: module.c heap use after free
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67588
Bug ID: 67588
Summary: module.c heap use after free
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: zeccav at gmail dot com
Target Milestone: ---
Let us look at module.c:800 and next:
    use_list = module_list;
    for (; module_list->next; use_list = use_list->next)
      {
        module_list = use_list->next;
        free (use_list);
      }
The ASan sanitizer detects that after the first iteration use_list is freed;
you can see that by inspection. But in the for statement it is dereferenced.
So this loop is wrong.
Maybe it should be
    for (; module_list->next; use_list = module_list)
      {
        module_list = use_list->next;
        free (use_list);
      }
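
Added example, not part of the original report and not GCC code: the two loop shapes above run over a small constructed list whose "free" only marks the node, so each read of ->next on an already released node can be counted without undefined behaviour. The names struct node, pool, pool_free, next_of and build are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the list node; not GCC's real type. */
struct node { struct node *next; int freed; };
static struct node pool[8];   /* constructed sample list lives here */
static int stale_reads;       /* reads of ->next on a released node */

/* Pool "free": only marks the node, so the stale access can be
   counted without undefined behaviour. */
static void pool_free(struct node *n) { n->freed = 1; }

/* Checked replacement for n->next. */
static struct node *next_of(struct node *n) {
    stale_reads += n->freed;
    return n->next;
}

/* Build a constructed list of n nodes (1 <= n <= 8), reset the counter. */
static struct node *build(int n) {
    for (int i = 0; i < n; i++)
        pool[i] = (struct node){ i + 1 < n ? &pool[i + 1] : NULL, 0 };
    stale_reads = 0;
    return pool;
}

/* Loop as reported: the increment reads use_list after it is freed. */
static int reported_loop(int n) {
    struct node *module_list = build(n), *use_list = module_list;
    for (; next_of(module_list); use_list = next_of(use_list)) {
        module_list = next_of(use_list);
        pool_free(use_list);
    }
    return stale_reads;
}

/* Loop as proposed: the increment uses the pointer saved before free. */
static int proposed_loop(int n) {
    struct node *module_list = build(n), *use_list = module_list;
    for (; next_of(module_list); use_list = module_list) {
        module_list = next_of(use_list);
        pool_free(use_list);
    }
    return stale_reads;
}

int main(void) {
    printf("stale reads: reported=%d proposed=%d\n",
           reported_loop(4), proposed_loop(4));
    return 0;
}
```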