This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug fortran/81531] Multiple Invalid reads seen by valgrind on an invalid test-case
- From: "dominiq at lps dot ens.fr" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 24 Jul 2017 12:29:40 +0000
- Subject: [Bug fortran/81531] Multiple Invalid reads seen by valgrind on an invalid test-case
- Auto-submitted: auto-generated
- References: <bug-81531-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81531
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-07-24
     Ever confirmed|0                           |1
--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
When compiling gfortran.dg/fimplicit_none_2.f90 with an instrumented compiler I get
/opt/gcc/work/gcc/testsuite/gfortran.dg/fimplicit_none_2.f90:5:34:
character(*), parameter :: z(2) = [character(n) :: 'x', 'y'] ! { dg-error "Scalar INTEGER expression expected" }
1
Error: Cannot initialize parameter array at (1) with variable length elements
=================================================================
==43942==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000000f68
at pc 0x000100308c73 bp 0x7fff5fbfea10 sp 0x7fff5fbfea08
READ of size 8 at 0x604000000f68 thread T0
#0 0x100308c72 in gfc_resolve_expr(gfc_expr*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100308c72)
#1 0x10031ccfc in resolve_charlen(gfc_charlen*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10031ccfc)
#2 0x100341138 in resolve_types(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100341138)
#3 0x1002efa1a in gfc_resolve(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1002efa1a)
#4 0x100279e98 in resolve_all_program_units(gfc_namespace*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100279e98)
#5 0x1002958d8 in gfc_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1002958d8)
#6 0x1003ec86e in gfc_be_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003ec86e)
#7 0x10457dccc in compile_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10457dccc)
#8 0x1045868f4 in do_compile()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1045868f4)
#9 0x106498d0f in toplev::main(int, char**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x106498d0f)
#10 0x10649e0ae in main
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10649e0ae)
#11 0x7fffa0edd234 in start (/usr/lib/system/libdyld.dylib+0x5234)
0x604000000f68 is located 24 bytes inside of 48-byte region
[0x604000000f50,0x604000000f80)
freed by thread T0 here:
#0 0x152ae26c0 in wrap_free.part.0
(/opt/gcc/gcc7a/lib/libasan.4.dylib+0x646c0)
#1 0x1003a5e11 in gfc_delete_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003a5e11)
#2 0x1003bb0d8 in gfc_restore_last_undo_checkpoint()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003bb0d8)
#3 0x1003bb2a7 in gfc_undo_symbols()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003bb2a7)
#4 0x10027a285 in reject_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10027a285)
#5 0x10027a385 in match_word(char const*, match (*)(), locus*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10027a385)
#6 0x100285627 in decode_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100285627)
#7 0x100287b74 in next_free()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100287b74)
#8 0x10028843e in next_statement()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10028843e)
#9 0x10028dbc0 in parse_spec(gfc_statement)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10028dbc0)
#10 0x100293a7f in parse_progunit(gfc_statement)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100293a7f)
#11 0x10029589a in gfc_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10029589a)
#12 0x1003ec86e in gfc_be_parse_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003ec86e)
#13 0x10457dccc in compile_file()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10457dccc)
#14 0x1045868f4 in do_compile()
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1045868f4)
#15 0x106498d0f in toplev::main(int, char**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x106498d0f)
#16 0x10649e0ae in main
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x10649e0ae)
#17 0x7fffa0edd234 in start (/usr/lib/system/libdyld.dylib+0x5234)
previously allocated by thread T0 here:
#0 0x152ae1d40 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.4.dylib+0x63d40)
#1 0x1062bca71 in xcalloc
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1062bca71)
#2 0x1003a5b0a in gfc_new_symtree(gfc_symtree**, char const*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003a5b0a)
#3 0x1003a9831 in gfc_get_sym_tree(char const*, gfc_namespace*,
gfc_symtree**, bool)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003a9831)
#4 0x1003aa7e4 in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1003aa7e4)
#5 0x1002b3e1a in gfc_match_rvalue(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1002b3e1a)
#6 0x1001bd489 in match_primary(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bd489)
#7 0x1001bd722 in match_level_1(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bd722)
#8 0x1001bdab3 in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bdab3)
#9 0x1001be2db in match_add_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001be2db)
#10 0x1001beccb in match_level_2(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001beccb)
#11 0x1001bf1fb in match_level_3(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bf1fb)
#12 0x1001bf665 in match_level_4(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bf665)
#13 0x1001c058d in match_and_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001c058d)
#14 0x1001c0837 in match_or_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001c0837)
#15 0x1001c0c91 in match_equiv_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001c0c91)
#16 0x1001c10f2 in match_level_5(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001c10f2)
#17 0x1001bcfa0 in gfc_match_expr(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bcfa0)
#18 0x100074e65 in char_len_param_value(gfc_expr**, bool*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100074e65)
#19 0x1000833f7 in gfc_match_char_spec(gfc_typespec*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1000833f7)
#20 0x1001a915e in gfc_match_type_spec(gfc_typespec*)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001a915e)
#21 0x100018d84
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100018d84)
#22 0x1001bd47c in match_primary(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bd47c)
#23 0x1001bd722 in match_level_1(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bd722)
#24 0x1001bdab3 in match_mult_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bdab3)
#25 0x1001be2db in match_add_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001be2db)
#26 0x1001beccb in match_level_2(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001beccb)
#27 0x1001bf1fb in match_level_3(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bf1fb)
#28 0x1001bf665 in match_level_4(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001bf665)
#29 0x1001c058d in match_and_operand(gfc_expr**)
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x1001c058d)
SUMMARY: AddressSanitizer: heap-use-after-free
(/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.6.0/8.0.0/f951+0x100308c72)
in gfc_resolve_expr(gfc_expr*)
Shadow bytes around the buggy address:
0x1c0800000190: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00
0x1c08000001a0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x1c08000001b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x1c08000001c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x1c08000001d0: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00
=>0x1c08000001e0: fa fa fd fd fd fd fd fd fa fa fd fd fd[fd]fd fd
0x1c08000001f0: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00
0x1c0800000200: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x1c0800000210: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x1c0800000220: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
0x1c0800000230: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==43942==ABORTING
f951: internal compiler error: Abort trap: 6
...