https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87908
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2018-11-06
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> ICE affects versions 8/9 :

For gcc7 I see

(null):0: confused by earlier errors, bailing out

which is equivalent to an ICE when gcc is configured with
--enable-checking=release

gcc6 gives

pr87908.f90:6:21:

     generic :: read(formatted) => g
                    1
Error: Expected '=>' at (1)
pr87908.f90:12:20:

     interface read(formatted)
                   1
Error: Syntax error: Trailing garbage in INTERFACE statement at (1)
pr87908.f90:13:9:

        procedure g
        1
Error: Unclassifiable statement at (1)
pr87908.f90:14:9:

        end interface
        1
Error: Expecting END SUBROUTINE statement at (1)

Compiling the test with an instrumented compiler gives

=================================================================
==69263==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000009e14 at pc 0x000100170f91 bp 0x7ffeefbfe5f0 sp 0x7ffeefbfe5e8
READ of size 1 at 0x613000009e14 thread T0
    #0 0x100170f90 in check_interface0(gfc_interface*, char const*) interface.c:1836
    #1 0x10018e217 in check_sym_interfaces(gfc_symbol*) interface.c:1974
    #2 0x1004bb14d in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*), void (*)(gfc_symbol*)) symbol.c:4151
    #3 0x1004d8313 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*)) symbol.c:4176
    #4 0x10019595f in gfc_check_interfaces(gfc_namespace*) interface.c:2085
    #5 0x100438af2 in resolve_types(gfc_namespace*) resolve.c:16643
    #6 0x100438903 in resolve_types(gfc_namespace*) resolve.c:16638
    #7 0x1003cabe0 in gfc_resolve(gfc_namespace*) resolve.c:16741
    #8 0x10034f049 in gfc_parse_file() parse.c:6266
    #9 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
    #10 0x10611cde8 in compile_file() toplev.c:455
    #11 0x1061284a3 in do_compile() toplev.c:2172
    #12 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
    #13 0x1095b359c in main main.c:39
    #14 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

0x613000009e14 is located 84 bytes inside of 344-byte region [0x613000009dc0,0x613000009f18)
freed by thread T0 here:
    #0 0x158cb18e0 in wrap_free.part.0 sanitizer_malloc_mac.inc:121
    #1 0x1004d7a4a in gfc_free_symbol(gfc_symbol*) symbol.c:3081
    #2 0x1004d7d96 in gfc_release_symbol(gfc_symbol*) symbol.c:3108
    #3 0x100333334 in gfc_fixup_sibling_symbols(gfc_symbol*, gfc_namespace*) parse.c:5485
    #4 0x10034d679 in parse_contained(int) parse.c:5577
    #5 0x10034e74e in parse_module() parse.c:5943
    #6 0x10034f77e in gfc_parse_file() parse.c:6239
    #7 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
    #8 0x10611cde8 in compile_file() toplev.c:455
    #9 0x1061284a3 in do_compile() toplev.c:2172
    #10 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
    #11 0x1095b359c in main main.c:39
    #12 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

previously allocated by thread T0 here:
    #0 0x158cb0db3 in wrap_calloc sanitizer_malloc_mac.inc:132
    #1 0x10869f9ea in xcalloc xmalloc.c:162
    #2 0x1004cf141 in gfc_new_symbol(char const*, gfc_namespace*) symbol.c:3117
    #3 0x1004d16cf in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) symbol.c:3369
    #4 0x1004d2cfd in gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**) symbol.c:3419
    #5 0x1000b22c2 in match_procedure_in_interface() decl.c:6912
    #6 0x1000ef830 in gfc_match_procedure() decl.c:6952
    #7 0x100330018 in match_word(char const*, match (*)(), locus*) parse.c:65
    #8 0x10033da46 in decode_statement() parse.c:541
    #9 0x10033eef6 in next_free() parse.c:1234
    #10 0x10033f8cb in next_statement() parse.c:1466
    #11 0x1003473bb in parse_interface() parse.c:3455
    #12 0x100345f9f in parse_spec(gfc_statement) parse.c:3810
    #13 0x10034cbfa in parse_progunit(gfc_statement) parse.c:5671
    #14 0x10034d622 in parse_contained(int) parse.c:5574
    #15 0x10034e74e in parse_module() parse.c:5943
    #16 0x10034f77e in gfc_parse_file() parse.c:6239
    #17 0x100522fbf in gfc_be_parse_file() f95-lang.c:204
    #18 0x10611cde8 in compile_file() toplev.c:455
    #19 0x1061284a3 in do_compile() toplev.c:2172
    #20 0x10915f5d7 in toplev::main(int, char**) toplev.c:2307
    #21 0x1095b359c in main main.c:39
    #22 0x7fff703f908c in start (libdyld.dylib:x86_64+0x1708c)

SUMMARY: AddressSanitizer: heap-use-after-free interface.c:1836 in check_interface0(gfc_interface*, char const*)
Shadow bytes around the buggy address:
==69263==ABORTING
f951: internal compiler error: Abort trap: 6