[Bug fortran/54599] New: Issues found in gfortran by the Coverity Scan
burnus at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Sun Sep 16 11:02:00 GMT 2012
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54599
Bug #: 54599
Summary: Issues found in gfortran by the Coverity Scan
Classification: Unclassified
Product: gcc
Version: 4.8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: burnus@gcc.gnu.org
CC: tkoenig@gcc.gnu.org
The following bugs were found by http://scan.coverity.com/ for gcc/fortran. I
walked through the list and extracted the following issues.
--------------------------------------------------------
dependency.c: LOGICAL BUG (unreachable code)
--------------------------------------------------------
401 if (l == 0)
415 else
416 {
417 if (l != 0)
I think one of the "l" should be "r".
--------------------------------------------------------
dependency.c: check_data_pointer_types
--------------------------------------------------------
Same line twice:
946 if ( expr1->expr_type != EXPR_VARIABLE
947 || expr1->expr_type != EXPR_VARIABLE)
--------------------------------------------------------
interface.c: gfc_compare_derived_types BUG
--------------------------------------------------------
Same line twice:
450 if ( !(dt1->ts.type == BT_DERIVED && derived1 == dt1->ts.u.derived)
451 && !(dt1->ts.type == BT_DERIVED && derived1 == dt1->ts.u.derived)
--------------------------------------------------------
openmp.c: gfc_resolve_do_iterator
--------------------------------------------------------
Dead code: Line 1705 is unreachable.
1690 for (j = 1; j < i; j++)
1702 if (j < i)
1703 break;
1704 do_code2 = do_code2->block->next;
1705 }
--------------------------------------------------------
cpp.c: print_line BUG
--------------------------------------------------------
841 if (loc.sysp == 2)
843 else if (loc.sysp == 1)
Issue:
sysp is "bool".
--------------------------------------------------------
interface.c:
--------------------------------------------------------
CID 722306: Array compared against 0 (NO_EFFECT)
At (1): Comparing an array to null is not useful: "ref->u.ar.as->upper".
2266 else if (ref->type == REF_ARRAY && ref->u.ar.type == AR_FULL
2267 && ref->u.ar.as->lower && ref->u.ar.as->upper)
--------------------------------------------------------
target-memory.c:
--------------------------------------------------------
At (4): Assigning: unsigned variable "len" = "gfc_target_expr_size(gfc_expr *)".
643 len = gfc_target_expr_size (e);
CID 722280: Argument cannot be negative (NEGATIVE_RETURNS)
At (5): "len" is passed to a parameter that cannot be negative.
Here, len = size_t (unsigned); should one use HOST_WIDE_INT + and gcc_assert?
--------------------------------------------------------
error.c: Side effect in assertion
--------------------------------------------------------
547 gcc_assert (*format++ == '$');
The containing function might work differently in a non-debug build.
--------------------------------------------------------
resolve.c
--------------------------------------------------------
Loop only executed once. Should break be continue?
7419 for (i = ar->dimen; i < ar->codimen + ar->dimen; i++)
7424 if (i == (ar->dimen + ar->codimen - 1))
7428 goto failure;
7429 }
7430 break;
7433 if (ar->dimen_type[i] == DIMEN_STAR && i == (ar->dimen + ar->codimen - 1)
7434 && ar->stride[i] == NULL)
7435 break;
7439 goto failure;
7440 }
--------------------------------------------------------
interface.c: gfc_compare_derived_types
--------------------------------------------------------
First, one checks whether "derived1" is NULL, then one uses
it unconditionally. Add an assert - and remove the check?
402 if (derived1 != NULL && derived2 != NULL
411 if (strcmp (derived1->name, derived2->name))
RFC: Should we address the following two warnings?
--------------------------------------------------------
resolve.c:
--------------------------------------------------------
Potential buffer overflow?
4015 strcpy (msg, _("COMPLEX quantities cannot be compared at %L"));
Recall, _(...) is gettext() and returns a string from the translator's .po
file; msg is 200 bytes large, i.e. 50 4-byte characters.
--------------------------------------------------------
intrinsic.c: add_sym
--------------------------------------------------------
Possible-buffer-overflow warning.
--- a/gcc/fortran/intrinsic.c
+++ b/gcc/fortran/intrinsic.c
@@ -273,2 +273,3 @@ add_sym (const char *name, gfc_isym_id id, enum klass cl,
int actual_ok, bt type
+ gcc_assert (strlen (name) + 10 < sizeof (buf));
strcpy (buf, "_gfortran_");
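Review bot: The literal 10 in the added gcc_assert duplicates the length of the "_gfortran_" prefix written by the strcpy on the following line; deriving it from the string itself, for example sizeof ("_gfortran_") - 1, keeps the bound and the prefix in sync if the prefix ever changes. The strict "<" does leave room for the terminating NUL, but the step that appends name to buf is outside the visible lines, so confirm nothing else is written after the prefix. As the error.c item in this report points out, assertions may not behave the same in a non-debug build, so a bound that must always hold is better enforced by an explicit length test with an error path than by the assert alone.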
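The error.c item above (side effect in assertion), as an added example that is not part of the original report and is not GCC's code: a constructed parser shows how the same source line yields a different result once the check is compiled out, next to a form that does not depend on the check. The macros `CHECK_ON`/`CHECK_OFF`, the function names and the sample input `"1$d"` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for one assertion macro in its two build modes. */
#define CHECK_ON(e)  ((void)((e) ? 0 : (abort(), 0)))  /* evaluates e */
#define CHECK_OFF(e) ((void)(0 && (e)))                /* never evaluates e */

/* Skip the digits of a constructed positional spec such as "1$d". */
static const char *skip_digits(const char *p)
{
    while (*p >= '0' && *p <= '9')
        p++;
    return p;
}

/* Pattern from the report, checks enabled: '$' is consumed by the assertion. */
static char conv_checked(const char *format)
{
    format = skip_digits(format);
    CHECK_ON(*format++ == '$');
    return *format;
}

/* Same source line, checks disabled: the increment is lost with the check. */
static char conv_unchecked(const char *format)
{
    format = skip_digits(format);
    CHECK_OFF(*format++ == '$');
    return *format;            /* still points at '$' */
}

/* Corrected form: advance first, then assert on a value without side effects. */
static char conv_fixed(const char *format)
{
    format = skip_digits(format);
    char c = *format++;
    CHECK_OFF(c == '$');       /* result is the same with CHECK_ON */
    return *format;
}

int main(void)
{
    const char *spec = "1$d";  /* constructed sample input */
    printf("checked=%c unchecked=%c fixed=%c\n",
           conv_checked(spec), conv_unchecked(spec), conv_fixed(spec));
    return 0;
}
```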