https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124450
--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Jakub Jelinek <[email protected]>: https://gcc.gnu.org/g:adefcfed81e19aa250f34914182a7c5580dc6e2a commit r16-8036-gadefcfed81e19aa250f34914182a7c5580dc6e2a Author: Jakub Jelinek <[email protected]> Date: Thu Mar 12 12:39:43 2026 +0100 fortran: Fix UB in transfer_expr [PR124450] trans-io.cc (transfer_array_component) calls transfer_expr with NULL code: transfer_expr (&se, &cm->ts, tmp, NULL, NULL_TREE); I'm surprised it doesn't ICE in other spots that dereference code->whatever but each one is guarded with some condition that perhaps don't trigger in that case for some reason. Anyway, the &code->loc case does trigger, it doesn't ICE, but it is undefined behavior in the compiler when code is NULL, and we'd crash if the where argument of 3*sizeof(void*) is dereferenced. Code I've checked can handle NULL where though. 2026-03-12 Jakub Jelinek <[email protected]> PR fortran/124450 * trans-io.cc (transfer_expr): If code is NULL, call transfer_array_component with NULL where argument rather than &code->loc. * gfortran.dg/pr124450.f90: New test.
