https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82979

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |error-recovery
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-11-15
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Confirmed.

My instrumented gfortran gives

Error: Expected parameter list in type declaration at (1)
=================================================================
==77480==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000002f00 at pc 0x0001004995e8 bp 0x7ffeefbfe670 sp 0x7ffeefbfe668
READ of size 8 at 0x613000002f00 thread T0
    #0 0x1004995e7 in gfc_restore_last_undo_checkpoint() symbol.c:3647
    #1 0x10049aa2c in gfc_undo_symbols() symbol.c:3727
    #2 0x1002fefd5 in reject_statement() parse.c:2546
    #3 0x1002ff11d in match_word(char const*, match (*)(), locus*) parse.c:70
    #4 0x10030cdd0 in decode_statement() parse.c:565
    #5 0x10030e091 in next_free() parse.c:1225
    #6 0x10030ea5e in next_statement() parse.c:1457
    #7 0x10031e6f4 in gfc_parse_file() parse.c:6160
    #8 0x1004d36b3 in gfc_be_parse_file() f95-lang.c:204
    #9 0x1052de1b0 in compile_file() toplev.c:454
    #10 0x1052e857d in do_compile() toplev.c:2059
    #11 0x1075dd23b in toplev::main(int, char**) toplev.c:2194
    #12 0x1075e2a87 in main main.c:39
    #13 0x7fff5ec55144 in start (libdyld.dylib:x86_64+0x1144)

0x613000002f00 is located 320 bytes inside of 336-byte region [0x613000002dc0,0x613000002f10)
freed by thread T0 here:
    #0 0x155318460 in wrap_free.part.0 sanitizer_malloc_mac.inc:142
    #1 0x100489adb in gfc_free_symbol(gfc_symbol*) symbol.c:3061
    #2 0x100489e27 in gfc_release_symbol(gfc_symbol*) symbol.c:3088
    #3 0x10048a2a6 in free_sym_tree(gfc_symtree*) symbol.c:3890
    #4 0x10048905b in gfc_free_namespace(gfc_namespace*) symbol.c:4045
    #5 0x100489a6c in gfc_free_symbol(gfc_symbol*) symbol.c:3054
    #6 0x100489e27 in gfc_release_symbol(gfc_symbol*) symbol.c:3088
    #7 0x10049a1c7 in gfc_restore_last_undo_checkpoint() symbol.c:3696
    #8 0x10049aa2c in gfc_undo_symbols() symbol.c:3727
    #9 0x1002fefd5 in reject_statement() parse.c:2546
    #10 0x1002ff11d in match_word(char const*, match (*)(), locus*) parse.c:70
    #11 0x10030cdd0 in decode_statement() parse.c:565
    #12 0x10030e091 in next_free() parse.c:1225
    #13 0x10030ea5e in next_statement() parse.c:1457
    #14 0x10031e6f4 in gfc_parse_file() parse.c:6160
    #15 0x1004d36b3 in gfc_be_parse_file() f95-lang.c:204
    #16 0x1052de1b0 in compile_file() toplev.c:454
    #17 0x1052e857d in do_compile() toplev.c:2059
    #18 0x1075dd23b in toplev::main(int, char**) toplev.c:2194
    #19 0x1075e2a87 in main main.c:39
    #20 0x7fff5ec55144 in start (libdyld.dylib:x86_64+0x1144)

previously allocated by thread T0 here:
    #0 0x155317aac in wrap_calloc sanitizer_malloc_mac.inc:153
    #1 0x10746b354 in xcalloc xmalloc.c:162
    #2 0x100480eb1 in gfc_new_symbol(char const*, gfc_namespace*) symbol.c:3099
    #3 0x1004833c0 in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) symbol.c:3348
    #4 0x100484a01 in gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**) symbol.c:3401
    #5 0x1000b162d in gfc_match_formal_arglist(gfc_symbol*, int, int, bool) decl.c:5959
    #6 0x1000cd42e in gfc_match_derived_decl() decl.c:9829
    #7 0x1002ff09b in match_word(char const*, match (*)(), locus*) parse.c:65
    #8 0x10030cdd0 in decode_statement() parse.c:565
    #9 0x10030e091 in next_free() parse.c:1225
    #10 0x10030ea5e in next_statement() parse.c:1457
    #11 0x10031e6f4 in gfc_parse_file() parse.c:6160
    #14 0x1052e857d in do_compile() toplev.c:2059
    #15 0x1075dd23b in toplev::main(int, char**) toplev.c:2194
    #16 0x1075e2a87 in main main.c:39
    #17 0x7fff5ec55144 in start (libdyld.dylib:x86_64+0x1144)

SUMMARY: AddressSanitizer: heap-use-after-free symbol.c:3647 in gfc_restore_last_undo_checkpoint()
==77480==ABORTING
f951: internal compiler error: Abort trap: 6
