This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug fortran/78618] ICE in gfc_check_rank, at fortran/check.c:3670
- From: "sgk at troutmask dot apl.washington.edu" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Sun, 04 Dec 2016 17:06:15 +0000
- Subject: [Bug fortran/78618] ICE in gfc_check_rank, at fortran/check.c:3670
- Auto-submitted: auto-generated
- References: <bug-78618-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78618
--- Comment #18 from Steve Kargl <sgk at troutmask dot apl.washington.edu> ---
On Sun, Dec 04, 2016 at 04:24:21PM +0000, janus at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78618
>
> Maybe one can instead try to nullify the memory in gfc_free charlen, so that we
> at least know that cl->lengh is not a valid pointer? (Something similar is also
> done in gfc_free_expr / free_expr0 in expr.c.)
>
> Index: symbol.c
> ===================================================================
> --- symbol.c (revision 243224)
> +++ symbol.c (working copy)
> @@ -3838,6 +3838,7 @@ gfc_free_charlen (gfc_charlen *cl, gfc_charlen *en
>
> cl2 = cl->next;
> gfc_free_expr (cl->length);
> + memset (cl, '\0', sizeof (gfc_charlen));
> free (cl);
> }
> }
>
Doesn't that leak memory? The 'free(cl)' in the line
after memset() should be a NOP, so whatever cl pointed
to before the memset() is leaked.
Hmmm, doesn't seem to help. Setting a break point in
gdb at gfc_free_charlen, I see
Breakpoint 1, gfc_free_charlen (cl=0x0, end=0x0) at
/mnt/kargl/gcc/gcc/fortran/symbol.c:3832
3832 {
(gdb)
Continuing.
Program received signal SIGSEGV, Segmentation fault.
gfc_is_constant_expr (e=0x193e) at /mnt/kargl/gcc/gcc/fortran/expr.c:897
897 switch (e->expr_type)
Note, gfc_charlen_free() was called 43 times before the SIGSEGV. In
only one call, cl was non-NULL.