[Bug fortran/58787] ICE (error recovery) in check_proc_interface

dominiq at lps dot ens.fr gcc-bugzilla@gcc.gnu.org
Fri Mar 16 22:57:00 GMT 2018 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58787

--- Comment #8 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Does it still fail for you?

Yep!-(

...
Error: Expecting END SUBROUTINE statement at (1)
=================================================================
==19146==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000005b90
at pc 0x00010042c261 bp 0x7ffeefbfe830 sp 0x7ffeefbfe828
READ of size 1 at 0x613000005b90 thread T0
    #0 0x10042c260 in resolve_formal_arglist(gfc_symbol*) resolve.c:281
    #1 0x10042fb23 in find_arglists(gfc_symbol*) resolve.c:551
    #2 0x1004acd3e in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*),
void (*)(gfc_symbol*)) symbol.c:4159
    #3 0x1004cafa3 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*))
symbol.c:4184
    #4 0x1003731a5 in resolve_formal_arglists(gfc_namespace*) resolve.c:564
    #5 0x1003af5a2 in resolve_contained_functions(gfc_namespace*)
resolve.c:1119
    #6 0x10042fec6 in resolve_types(gfc_namespace*) resolve.c:16470
    #7 0x1003c3d32 in gfc_resolve(gfc_namespace*) resolve.c:16595
    #8 0x1003290b2 in resolve_all_program_units(gfc_namespace*) parse.c:6060
    #9 0x100348734 in gfc_parse_file() parse.c:6308
    #10 0x100515192 in gfc_be_parse_file() f95-lang.c:204
    #11 0x105d1be48 in compile_file() toplev.c:455
    #12 0x105d26f8a in do_compile() toplev.c:2132
    #13 0x108294d19 in toplev::main(int, char**) toplev.c:2267
    #14 0x10829a1ff in main main.c:39
    #15 0x7fff5260c114 in start (libdyld.dylib:x86_64+0x1114)

0x613000005b90 is located 80 bytes inside of 336-byte region
[0x613000005b40,0x613000005c90)
freed by thread T0 here:
    #0 0x156eff370 in wrap_free.part.0 sanitizer_malloc_mac.inc:142
    #1 0x1004ca6da in gfc_free_symbol(gfc_symbol*) symbol.c:3063
    #2 0x1004caa26 in gfc_release_symbol(gfc_symbol*) symbol.c:3090
    #3 0x1004caea2 in free_sym_tree(gfc_symtree*) symbol.c:3892
    #4 0x1004c9c5a in gfc_free_namespace(gfc_namespace*) symbol.c:4047
    #5 0x1004caba2 in gfc_release_symbol(gfc_symbol*) symbol.c:3082
    #6 0x1004caea2 in free_sym_tree(gfc_symtree*) symbol.c:3892
    #7 0x1004c9c5a in gfc_free_namespace(gfc_namespace*) symbol.c:4047
    #8 0x100347983 in parse_contained(int) parse.c:5616
    #9 0x10034687f in parse_progunit(gfc_statement) parse.c:5739
    #10 0x100348892 in gfc_parse_file() parse.c:6214
    #11 0x100515192 in gfc_be_parse_file() f95-lang.c:204
    #12 0x105d1be48 in compile_file() toplev.c:455
    #13 0x105d26f8a in do_compile() toplev.c:2132
    #14 0x108294d19 in toplev::main(int, char**) toplev.c:2267
    #15 0x10829a1ff in main main.c:39
    #16 0x7fff5260c114 in start (libdyld.dylib:x86_64+0x1114)

previously allocated by thread T0 here:
    #0 0x156efe9e0 in wrap_calloc sanitizer_malloc_mac.inc:153
    #1 0x108242032 in xcalloc xmalloc.c:162
    #2 0x1004c1ac1 in gfc_new_symbol(char const*, gfc_namespace*) symbol.c:3099
    #3 0x10028842e in load_needed(pointer_info*) module.c:4922
    #4 0x100287e4f in load_needed(pointer_info*) module.c:4890
    #5 0x100287e9a in load_needed(pointer_info*) module.c:4891
    #6 0x10028db10 in read_module() module.c:5370
    #7 0x10028f4d5 in gfc_use_module(gfc_use_list*) module.c:7072
    #8 0x1002935f6 in gfc_use_modules() module.c:7196
    #9 0x100329dc6 in use_modules() parse.c:114
    #10 0x100335f2a in decode_statement() parse.c:332
    #11 0x100338870 in next_free() parse.c:1230
    #12 0x10033923e in next_statement() parse.c:1462
    #13 0x10033f7eb in parse_spec(gfc_statement) parse.c:3854
    #14 0x100346376 in parse_progunit(gfc_statement) parse.c:5667
    #15 0x100348892 in gfc_parse_file() parse.c:6214
    #16 0x100515192 in gfc_be_parse_file() f95-lang.c:204
    #17 0x105d1be48 in compile_file() toplev.c:455
    #18 0x105d26f8a in do_compile() toplev.c:2132
    #19 0x108294d19 in toplev::main(int, char**) toplev.c:2267
    #20 0x10829a1ff in main main.c:39
    #21 0x7fff5260c114 in start (libdyld.dylib:x86_64+0x1114)

SUMMARY: AddressSanitizer: heap-use-after-free resolve.c:281 in
resolve_formal_arglist(gfc_symbol*)
Shadow bytes around the buggy address:
  0x1c2600000b20: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2600000b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2600000b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2600000b50: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
  0x1c2600000b60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x1c2600000b70: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600000b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600000b90: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2600000ba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600000bb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600000bc0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19146==ABORTING
f951: internal compiler error: Abort trap: 6

More information about the Gcc-bugs mailing list