------- Comment #3 from dfranke at gcc dot gnu dot org 2008-06-07 12:56 ------- Traced this down to libcpp, charset.c(cpp_interpret_string). There, the 'to' string is not properly NUL-terminated, although the comments indicate that this is the intention of the code.
Example:

$> cat x.f90
# 1 "y.f90"
end

(gdb) break do_linemarker
(gdb) run -cpp dummy -E x.f90
[step to cpp_interpret_string]
(gdb) print *from
[at beginning of cpp_interpret_string]
$19 = {len = 7, text = 0x89dd3d1 "\"y.f90\""}
[at end of cpp_interpret_string]
(gdb) print *to
$39 = {len = 5, text = 0x89d3f48 "y.f90òô·"}

$> valgrind f951 -cpp dummy -E x.f90
[...]
==29785== Invalid read of size 1
==29785==    at 0x805995F: print_line (cpp.c:755)
==29785==    by 0x8059BAF: cb_file_change (cpp.c:811)
==29785==    by 0x87C6865: do_linemarker (directives.c:993)
==29785==    by 0x87C543E: _cpp_handle_directive (directives.c:483)
==29785==    by 0x87D427F: _cpp_scan_out_logical_line (traditional.c:634)
==29785==    by 0x87D4961: _cpp_read_logical_line_trad (traditional.c:305)
==29785==    by 0x805981D: scan_translation_unit_trad (cpp.c:701)
==29785==    by 0x805945B: gfc_cpp_preprocess (cpp.c:568)
==29785==    by 0x80B0C0C: gfc_new_file (scanner.c:1929)
==29785==    by 0x80C74E7: gfc_init (f95-lang.c:303)
==29785==    by 0x8374465: toplev_main (toplev.c:2045)
==29785==    by 0x8114E81: main (main.c:35)
==29785==  Address 0x425bd25 is 0 bytes after a block of size 5 alloc'd
==29785==    at 0x402298D: realloc (vg_replace_malloc.c:429)
==29785==    by 0x87E8066: xrealloc (xmalloc.c:179)
==29785==    by 0x87D61AF: cpp_interpret_string (charset.c:1392)
==29785==    by 0x87D6B42: cpp_interpret_string_notranslate (charset.c:1416)
==29785==    by 0x87C689D: do_linemarker (directives.c:956)
==29785==    by 0x87C543E: _cpp_handle_directive (directives.c:483)
==29785==    by 0x87D427F: _cpp_scan_out_logical_line (traditional.c:634)
==29785==    by 0x87D4961: _cpp_read_logical_line_trad (traditional.c:305)
==29785==    by 0x805981D: scan_translation_unit_trad (cpp.c:701)
==29785==    by 0x805945B: gfc_cpp_preprocess (cpp.c:568)
==29785==    by 0x80B0C0C: gfc_new_file (scanner.c:1929)
==29785==    by 0x80C74E7: gfc_init (f95-lang.c:303)
[...]

Interestingly, an equivalent c-code does not give the invalid reads.
Either the C-frontend does account for this, or it works by chance?!

Added Tom Tromey as CC. Tom, any insights from your point of view?

-- 
dfranke at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at gcc dot gnu dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36379
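Added example, not libcpp's code and not part of the bug report: a small C model of the defect the comment describes. A length-counted string is converted (quotes stripped) into a buffer that holds exactly `len` payload bytes and no terminating NUL, so a consumer that treats `text` as a C string reads one byte past the block, exactly what valgrind flagged in print_line. The fixed variant reserves one extra byte and writes the terminator; `has_terminator` is the check a consumer would want before handing `text` to "%s" or strlen(). `str_t`, `unquote`, `has_terminator`, `convert_is_terminated` and `converted_len` are hypothetical names; the 0xAA sentinel is constructed to stand in for whatever follows the allocation.

```c
/* Added example, not libcpp code: a length-counted string whose converter
 * copies the payload but forgets the terminating NUL, beside the fixed
 * variant and the check a consumer needs before using text as a C string.
 * str_t, unquote, has_terminator, convert_is_terminated, converted_len are
 * hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for libcpp's cpp_string: a byte count plus a buffer. */
struct str_t {
    size_t len;
    unsigned char *text;
};

/* Constructed sentinel standing in for "whatever happens to follow the block". */
#define AFTER_BLOCK 0xAA

/* Strip the quotes from a literal such as "\"y.f90\"" (len 7) into y.f90 (len 5).
 * terminate == 0 reproduces the reported defect: exactly len payload bytes and
 * no NUL, so printf("%s") or strlen() on text runs past the payload.
 * terminate != 0 is the fix: reserve len + 1 bytes and write the terminator. */
static int unquote(const struct str_t *from, struct str_t *to, int terminate)
{
    if (from->len < 2 || from->text[0] != '"' || from->text[from->len - 1] != '"')
        return 0;
    size_t n = from->len - 2;
    /* Both variants get one spare byte so the byte after the payload can be
     * inspected without undefined behaviour; a real allocation of exactly n
     * bytes puts that byte outside the block, which is what valgrind flagged. */
    unsigned char *buf = malloc(n + 1);
    if (buf == NULL)
        return 0;
    buf[n] = AFTER_BLOCK;
    memcpy(buf, from->text + 1, n);
    if (terminate)
        buf[n] = '\0';
    to->len = n;
    to->text = buf;
    return 1;
}

/* Consumer-side check: is there a NUL somewhere in the first capacity bytes?
 * Only then may text be handed to "%s", strlen() or any other C-string API. */
static int has_terminator(const struct str_t *s, size_t capacity)
{
    return memchr(s->text, '\0', capacity) != NULL;
}

/* Convert the literal from the report and return 1 if the result is NUL
 * terminated within its allocation, 0 if not, -1 on conversion failure. */
static int convert_is_terminated(int terminate)
{
    struct str_t from = { 7, (unsigned char *)"\"y.f90\"" };
    struct str_t to;
    if (!unquote(&from, &to, terminate))
        return -1;
    int ok = has_terminator(&to, to.len + 1);
    free(to.text);
    return ok;
}

/* Length of the converted payload for the report's literal (5 for y.f90). */
static size_t converted_len(void)
{
    struct str_t from = { 7, (unsigned char *)"\"y.f90\"" };
    struct str_t to;
    if (!unquote(&from, &to, 1))
        return 0;
    size_t n = to.len;
    free(to.text);
    return n;
}

int main(void)
{
    printf("buggy conversion terminated: %d\n", convert_is_terminated(0));
    printf("fixed conversion terminated: %d\n", convert_is_terminated(1));
    printf("payload length: %zu\n", converted_len());
    return 0;
}
```

The buggy path never passes its result to "%s" here, precisely because doing so would be the out-of-bounds read; the point is that a length-counted string type gives no guarantee of a terminator, so either the producer must write one (and size the allocation for it) or every consumer must treat `text` as `len` raw bytes rather than as a C string.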