https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78618
--- Comment #18 from Steve Kargl <sgk at troutmask dot apl.washington.edu> ---
On Sun, Dec 04, 2016 at 04:24:21PM +0000, janus at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78618
>
> Maybe one can instead try to nullify the memory in gfc_free_charlen, so that we
> at least know that cl->length is not a valid pointer? (Something similar is also
> done in gfc_free_expr / free_expr0 in expr.c.)
>
> Index: symbol.c > =================================================================== > --- symbol.c (revision 243224) > +++ symbol.c (working copy) > @@ -3838,6 +3838,7 @@ gfc_free_charlen (gfc_charlen *cl, gfc_charlen *en > > cl2 = cl->next; > gfc_free_expr (cl->length); > + memset (cl, '\0', sizeof (gfc_charlen)); > free (cl); > } > }
>

Doesn't that leak memory? The 'free(cl)' in the line after memset() should be a NOP, so whatever cl pointed to before the memset() is leaked.

Hmmm, doesn't seem to help. Setting a breakpoint in gdb at gfc_free_charlen, I see

Breakpoint 1, gfc_free_charlen (cl=0x0, end=0x0)
    at /mnt/kargl/gcc/gcc/fortran/symbol.c:3832
3832 {
(gdb)
Continuing.

Program received signal SIGSEGV, Segmentation fault.
gfc_is_constant_expr (e=0x193e) at /mnt/kargl/gcc/gcc/fortran/expr.c:897
897 switch (e->expr_type)

Note, gfc_charlen_free() was called 43 times before the SIGSEGV. In only one call, cl was non-NULL.
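
Review bot: The added memset (cl, '\0', sizeof (gfc_charlen)) sits immediately before free (cl), so it gives no lasting guarantee about cl->length: once the block is freed, any stale pointer to it reads released memory that the allocator may reuse or overwrite, and a compiler is allowed to drop a store to an object that is freed on the next line as dead. The call clears the object cl points to and leaves the pointer value itself unchanged, so free (cl) still releases the block. If the aim is to make a dangling charlen detectable, clear the pointers that still refer to it at the point where the list is freed, or keep this zeroing only as a temporary debugging aid and say so in a comment. As a style point, sizeof (*cl) with a fill value of 0 would track the type of cl without repeating it.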