------- Additional Comments From Thomas dot Koenig at online dot de 2005-03-09
15:13 -------
$ cat eoshift.f90
print *,eoshift((/1, 3/), 3)
end
$ gfortran eoshift.f90
$ ./a.out
Segmentation fault
This fails because the loop
for (n = 0; n < len; n++)
{
memcpy (dest, src, size);
dest += roffset;
src += soffset;
}
at line 146 ff. in eoshift0.c runs over its bounds
with the test case, because both n and len are of type index_type,
index_type is size_t, which is unsigned, and len is supposed to be -1
(so it's either 0xffffffff or 0xffffffffffffffff, depending on
wether size_t is 32-bit or 64-bit).
This has an "easy", one-letter fix: typedef index_type as ssize_t
instad of size_t in libgfortran.h.
This fixes the bug and causes no testsuite regressions. It also
has the potential to fix other, latent bugs like this one. This is
also a design decision which I feel should be discussed on
the fortran mailing list.
It would require some configuration work for libgfortran (not
all systems have ssize_t), which I don't feel I can handle
competently at the moment, so I won't submit a patch (at least
not now).
Thomas
--
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=18958
