[Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.

Wed, 28 May 2014 10:17:21 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-05-28
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Confirmed on 4.8 up to trunk. If the first test is compiled with
-fsanitize=address, execution fails with

==63209==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000105f54d28 at pc 0x105f5433c bp 0x7fff59cb0150 sp 0x7fff59cb0148
READ of size 4 at 0x000105f54d28 thread T0
    #0 0x105f5433b
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000533b)
    #1 0x105f51a56
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100002a56)
    #2 0x105f544dc
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000054dc)
    #3 0x105f54883
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005883)
    #4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)

0x000105f54d28 is located 0 bytes to the right of global variable 'A.21' from
'pr61337.f90' (0x105f54d20) of size 8
0x000105f54d28 is located 56 bytes to the left of global variable 'options.23'
from 'pr61337.f90' (0x105f54d60) of size 36
...

The modified case (call add_item twice) fails with

==63217==ERROR: AddressSanitizer: global-buffer-overflow on address
0x0001084c0ce8 at pc 0x1084c0112 bp 0x7fff57744130 sp 0x7fff57744128
READ of size 4 at 0x0001084c0ce8 thread T0
    #0 0x1084c0111
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005111)
    #1 0x1084bd82c
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000282c)
    #2 0x1084c02b4
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000052b4)
    #3 0x1084c07c3
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000057c3)
    #4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)

0x0001084c0ce8 is located 0 bytes to the right of global variable 'A.21' from
'pr61337_1.f90' (0x1084c0ce0) of size 8
0x0001084c0ce8 is located 56 bytes to the left of global variable 'A.24' from
'pr61337_1.f90' (0x1084c0d20) of size 8

Reply via email to