[Bug fortran/66528] [6 Regression] unbalanced IF/ENDIF with -fmax-errors=1 causes invalid free
manu at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Sun Jun 14 16:25:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66528
--- Comment #4 from Manuel López-Ibáñez <manu at gcc dot gnu.org> ---
(In reply to Thomas Koenig from comment #3)
> (In reply to Dominique d'Humieres from comment #2)
>
> > Usual suspect r223677 (pr66082).
>
> I don't believe that a change to trans-array.c can cause
> a parsing failure. I would rather suspect r223614 .
Yes, this is my fault. diagnostic_finish tries to free the output_buffer, but
the error_buffer is statically allocated. I think this should be enough:
--- error.c (revision 223651)
+++ error.c (working copy)
@@ -1379,12 +1379,12 @@ gfc_error_check (void)
output_buffer *tmp_buffer = pp->buffer;
pp->buffer = pp_error_buffer;
pp_really_flush (pp);
++errorcount;
gcc_assert (gfc_output_buffer_empty_p (pp_error_buffer));
- diagnostic_action_after_output (global_dc, DK_ERROR);
pp->buffer = tmp_buffer;
+ diagnostic_action_after_output (global_dc, DK_ERROR);
return true;
}
return false;
}
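Review bot: the fix depends entirely on call order, and nothing in the hunk records why. diagnostic_action_after_output reaches diagnostic_finish, which free()s whatever pp->buffer points at once -fmax-errors is hit, so `pp->buffer = tmp_buffer;` must precede `diagnostic_action_after_output (global_dc, DK_ERROR);` or the static error_buffer is freed again, exactly as the valgrind trace shows. A one-line comment above the moved call (it may free pp->buffer, so the heap-allocated buffer has to be installed first) would keep a later edit from swapping them back. The thread itself names the sturdier fix, allocating error_buffer like warning_buffer, and asks for a -fmax-errors=1 regression test; neither is in the hunk.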
However, a better fix may be to make the error_buffer also dynamically
allocated like the warning_buffer. Not sure why I did the change.
(It would be nice to have a testcase testing this in the regression testsuite.)
> Here is the first error reported by valgrind:
>
> ==1154== Invalid free() / delete / delete[] / realloc()
> ==1154==    at 0x4C28ADC: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==1154==    by 0x126B11B: diagnostic_finish(diagnostic_context*) (diagnostic.c:230)
> ==1154==    by 0x126BF11: diagnostic_action_after_output(diagnostic_context*, diagnostic_t) (diagnostic.c:566)
> ==1154==    by 0x63FB0B: gfc_error_check() (error.c:1384)
> ==1154==    by 0x687E47: decode_statement() (parse.c:554)
> ==1154==    by 0x689740: next_statement() (parse.c:1048)
> ==1154==    by 0x68BA0C: parse_executable(gfc_statement) (parse.c:4593)
> ==1154==    by 0x68C430: parse_executable(gfc_statement) (parse.c:3519)
> ==1154==    by 0x68CA06: parse_progunit(gfc_statement) (parse.c:4976)
> ==1154==    by 0x68E167: gfc_parse_file() (parse.c:5424)
> ==1154==    by 0x6CE642: gfc_be_parse_file() (f95-lang.c:215)
> ==1154==    by 0xBCA44E: compile_file() (toplev.c:560)
> ==1154==  Address 0x1cfefa8 is 8 bytes inside data symbol "_ZL12error_buffer"
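The ordering bug discussed in this comment, as a constructed C model added here (this is not GCC's code): a statically allocated error_buffer is swapped into pp->buffer, a diagnostic_finish stand-in releases whatever pp->buffer currently points at, and the pre-patch and patched call orders sit side by side. The struct layouts, the heap_allocated ownership flag and run_model are assumptions for illustration only; the flag turns the invalid free of the static object into a detectable refusal instead of undefined behaviour, which is the check a hardened finish routine would carry.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the buffer swap in gfc_error_check(); names mirror
 * error.c but none of this is GCC code. */
typedef struct output_buffer {
    char *data;           /* text accumulated for this buffer */
    size_t len;
    bool heap_allocated;  /* assumption: false for static storage, true if malloc'ed */
} output_buffer;

typedef struct pretty_printer {
    output_buffer *buffer;  /* current target, like pp->buffer */
} pretty_printer;

typedef enum {
    FINISH_FREED_HEAP,      /* released a heap-allocated buffer */
    FINISH_REFUSED_STATIC,  /* would have been free() on static data */
    FINISH_NOTHING          /* no buffer installed */
} finish_result;

/* Stand-in for the statically allocated error_buffer in error.c. */
static char error_storage[256];
static output_buffer error_buffer = { error_storage, 0, false };

static output_buffer *new_output_buffer(void)
{
    output_buffer *b = calloc(1, sizeof *b);
    if (!b)
        abort();
    b->data = calloc(256, 1);
    if (!b->data)
        abort();
    b->heap_allocated = true;
    return b;
}

/* Stand-in for diagnostic_finish(): releases whatever pp->buffer points at.
 * The real function simply calls free(); the ownership check here is the
 * added safeguard that reports the static-buffer case instead of corrupting
 * the heap. In GCC this path runs only once -fmax-errors is reached. */
static finish_result diagnostic_finish(pretty_printer *pp)
{
    output_buffer *b = pp->buffer;
    if (!b)
        return FINISH_NOTHING;
    if (!b->heap_allocated)
        return FINISH_REFUSED_STATIC;
    free(b->data);
    free(b);
    pp->buffer = NULL;
    return FINISH_FREED_HEAP;
}

/* Pre-patch order: finish runs while the static buffer is still installed,
 * so it is &error_buffer that reaches free(). */
static finish_result error_check_before_patch(pretty_printer *pp)
{
    output_buffer *tmp_buffer = pp->buffer;
    pp->buffer = &error_buffer;
    error_buffer.len = 0;                       /* stand-in for pp_really_flush */
    finish_result r = diagnostic_finish(pp);    /* pp->buffer == &error_buffer here */
    pp->buffer = tmp_buffer;
    return r;
}

/* Patched order: the heap buffer is restored first, then finish runs. */
static finish_result error_check_after_patch(pretty_printer *pp)
{
    output_buffer *tmp_buffer = pp->buffer;
    pp->buffer = &error_buffer;
    error_buffer.len = 0;
    pp->buffer = tmp_buffer;
    return diagnostic_finish(pp);               /* only the heap buffer is freed */
}

/* Runs one model on a fresh heap buffer and cleans up whatever it left behind. */
static finish_result run_model(bool patched)
{
    pretty_printer pp = { new_output_buffer() };
    finish_result r = patched ? error_check_after_patch(&pp)
                              : error_check_before_patch(&pp);
    if (pp.buffer)
        diagnostic_finish(&pp);
    return r;
}

int main(void)
{
    printf("pre-patch order: %s\n", run_model(false) == FINISH_REFUSED_STATIC
           ? "finish would free the static error_buffer" : "unexpected");
    printf("patched order:   %s\n", run_model(true) == FINISH_FREED_HEAP
           ? "finish freed the heap buffer" : "unexpected");
    return 0;
}
```

The model shows why the one-line move works and why it is fragile: correctness rests on pp->buffer being restored before anything that may free it. Giving error_buffer heap storage, as the comment suggests, removes that ordering dependency altogether, and an ownership flag like the one above is what lets a teardown routine refuse a pointer it does not own rather than hand it to free().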