This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Possible memory leaks and NULL pointer dereference


The attached patch fixes several possible memory leaks and NULL
pointer dereferences.  In particular, gfc_simplify_reshape needs
some care.

I no longer have commit access, so someone will need to commit
this for me.

2008-05-15  Steven G. Kargl  <kargls@comcast.net>

	* simplify.c (gfc_simplify_dble, gfc_simplify_float,
	simplify_bound, gfc_simplify_nearest, gfc_simplify_real): Plug
	possible memory leaks.
	(gfc_simplify_reshape): Plug possible memory leaks and dereferencing
	of NULL pointers.
-- 
Steve
Index: simplify.c
===================================================================
--- simplify.c	(revision 135381)
+++ simplify.c	(working copy)
@@ -1123,7 +1124,10 @@ gfc_simplify_dble (gfc_expr *e)
       ts.kind = gfc_default_double_kind;
       result = gfc_copy_expr (e);
       if (!gfc_convert_boz (result, &ts))
-	return &gfc_bad_expr;
+	{
+	  gfc_free_expr (result);
+	  return &gfc_bad_expr;
+	}
     }
 
   return range_check (result, "DBLE");
@@ -1346,7 +1350,10 @@ gfc_simplify_float (gfc_expr *a)
 
       result = gfc_copy_expr (a);
       if (!gfc_convert_boz (result, &ts))
-	return &gfc_bad_expr;
+	{
+	  gfc_free_expr (result);
+	  return &gfc_bad_expr;
+	}
     }
   else
     result = gfc_int2real (a, gfc_default_real_kind);
 
 
@@ -2378,7 +2363,10 @@ simplify_bound (gfc_expr *array, gfc_exp
       k = get_kind (BT_INTEGER, kind, upper ? "UBOUND" : "LBOUND",
 		    gfc_default_integer_kind); 
       if (k == -1)
-	return &gfc_bad_expr;
+	{
+	  gfc_free_expr (e);
+	  return &gfc_bad_expr;
+	}
       e->ts.kind = k;
 
       /* The result is a rank 1 array; its size is the rank of the first
@@ -2999,6 +2987,7 @@ gfc_simplify_nearest (gfc_expr *x, gfc_e
   if (mpfr_nan_p (result->value.real) && gfc_option.flag_range_check)
     {
       gfc_error ("Result of NEAREST is NaN at %L", &result->where);
+      gfc_free_expr (result);
       return &gfc_bad_expr;
     }
 
 
@@ -3239,8 +3228,12 @@ gfc_simplify_real (gfc_expr *e, gfc_expr
       ts.kind = kind;
       result = gfc_copy_expr (e);
       if (!gfc_convert_boz (result, &ts))
-	return &gfc_bad_expr;
+	{
+	  gfc_free_expr (result);
+	  return &gfc_bad_expr;
+	}
     }
+
   return range_check (result, "REAL");
 }
 
@@ -3449,13 +3442,11 @@ gfc_simplify_reshape (gfc_expr *source, 
 	  goto bad_reshape;
 	}
 
-      gfc_free_expr (e);
-
       if (rank >= GFC_MAX_DIMENSIONS)
 	{
 	  gfc_error ("Too many dimensions in shape specification for RESHAPE "
 		     "at %L", &e->where);
-
+	  gfc_free_expr (e);
 	  goto bad_reshape;
 	}
 
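Review bot: The first `goto bad_reshape` at the top of this hunk is reached before any of the `gfc_free_expr (e)` calls the patch adds, and the lines before it are outside the hunk, so it is not visible whether that exit releases `e`. Since the patch switches to one free per exit, that path should be checked and given its own `gfc_free_expr (e);` if it lacks one; the same applies to the first `goto bad_reshape` in the ORDER hunk at -3505. Moving the free below the `gfc_error` calls is the right order, because those calls read `&e->where`. A comment such as `/* e supplies the locus for the errors below; free it on every exit.  */` above the `rank >= GFC_MAX_DIMENSIONS` test would keep a later edit from hoisting the free again.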
@@ -3463,9 +3454,11 @@ gfc_simplify_reshape (gfc_expr *source, 
 	{
 	  gfc_error ("Shape specification at %L cannot be negative",
 		     &e->where);
+	  gfc_free_expr (e);
 	  goto bad_reshape;
 	}
 
+      gfc_free_expr (e);
       rank++;
     }
 
@@ -3505,12 +3498,11 @@ gfc_simplify_reshape (gfc_expr *source, 
 	      goto bad_reshape;
 	    }
 
-	  gfc_free_expr (e);
-
 	  if (order[i] < 1 || order[i] > rank)
 	    {
 	      gfc_error ("ORDER parameter of RESHAPE at %L is out of range",
 			 &e->where);
+	      gfc_free_expr (e);
 	      goto bad_reshape;
 	    }
 
@@ -3520,9 +3512,12 @@ gfc_simplify_reshape (gfc_expr *source, 
 	    {
 	      gfc_error ("Invalid permutation in ORDER parameter at %L",
 			 &e->where);
+	      gfc_free_expr (e);
 	      goto bad_reshape;
 	    }
 
+	  gfc_free_expr (e);
+
 	  x[order[i]] = 1;
 	}
     }
@@ -3562,7 +3557,7 @@ gfc_simplify_reshape (gfc_expr *source, 
 	}
 
       if (mpz_cmp_ui (index, INT_MAX) > 0)
-	gfc_internal_error ("Reshaped array too large at %L", &e->where);
+	gfc_internal_error ("Reshaped array too large at %C");
 
       j = mpz_get_ui (index);
 
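Review bot: `%C` makes this message point at the parser's current locus rather than at the RESHAPE expression, so the reported position can be unrelated to the offending call. Dropping `&e->where` is necessary, since `e` has already been freed or is NULL by the time the loops above finish, but the function's `source` argument is still available here (assuming it is non-NULL at this point, which the hunk does not show): `gfc_internal_error ("Reshaped array too large at %L", &source->where);`.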
@@ -3694,6 +3689,7 @@ gfc_simplify_scale (gfc_expr *x, gfc_exp
       || mpz_cmp_si (i->value.integer, -exp_range - 2) < 0)
     {
       gfc_error ("Result of SCALE overflows its kind at %L", &result->where);
+      gfc_free_expr (result);
       return &gfc_bad_expr;
     }
 
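Review bot: The ChangeLog entry does not mention gfc_simplify_scale, yet this hunk adds a `gfc_free_expr (result);` to it; the function should be added to the list that ends with `gfc_simplify_real`. The free is placed after `gfc_error` has read `&result->where`, which is the correct order. The start of the function is outside the hunk, so whether `result` is the only allocation live at this exit cannot be confirmed from here.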
 
