https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106946

--- Comment #8 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-15 branch has been updated by Jerry DeLisle
<[email protected]>:

https://gcc.gnu.org/g:e848a6548d356d1f73e75e82d9dc5f1795082d07

commit r15-10959-ge848a6548d356d1f73e75e82d9dc5f1795082d07
Author: Jerry DeLisle <[email protected]>
Date:   Sun Mar 15 11:49:20 2026 -0700

    fortran: Backport of fixes from [PR106946] and [PR124482]

    When a CLASS component declaration inside a derived type has a syntax
    error (for example, a missing comma), gfc_build_class_symbol creates a
    CLASS container symbol outside the undo mechanism.  Error recovery then
    frees the referenced type but leaves the CLASS container orphaned with
    dangling pointers, leading to an ICE during later resolution.

    Fix this by removing CLASS components created during a failed data
    declaration from the derived type component chain, deleting their
    namespace symtree entries only when they are still present, releasing
    the CLASS container symbol, and freeing the component itself.  Also
    expand the regression coverage to exercise allocatable and pointer CLASS
    declarations, including a valid component followed by a bad one.

    The error recovery added in r16-8021 (PR106946) freed CLASS container
    symbols when removing invalid CLASS components from a derived type.
    However, gfc_build_class_symbol reuses existing containers when multiple
    components share the same class type and attributes.  Freeing the
    container for a failed component also invalidated it for previously
    committed components, causing a use-after-free detectable with valgrind
    and manifesting as a SEGV on Solaris/SPARC.

    Fix by deferring CLASS container cleanup until after all failed
    components are unlinked, then freeing the container only if no remaining
    component still references it.

            PR fortran/106946
            PR fortran/124482

    gcc/fortran/ChangeLog:

            * decl.cc (gfc_match_data_decl): Defer CLASS container cleanup
            until after all failed components are unlinked.  Check remaining
            component list before freeing a shared container.
            * gfortran.h (gfc_free_component): Declare.
            (gfc_delete_symtree): Declare.
            * symbol.cc (gfc_free_component): New function.
            (free_components): Use it.

    gcc/testsuite/ChangeLog:

            * gfortran.dg/pr106946.f90: New test.
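
The deferred cleanup described in the commit message, as an added C example that is not GCC's code: failed components are unlinked first, and a shared container is freed only when no surviving component still points at it. All names here (`component`, `container`, `cleanup_failed`, `demo`) are hypothetical stand-ins, and the input is constructed.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not GCC's data structures. */
struct container { int id; };
struct component {
    struct container *cls;    /* may be shared by several components */
    int failed;               /* created by the declaration that failed */
    struct component *next;
};
static struct component *add(struct component *next, struct container *cls, int failed)
{
    struct component *c = malloc(sizeof *c);
    if (!c) abort();
    c->cls = cls; c->failed = failed; c->next = next;
    return c;
}
/* Pass 1 unlinks and frees failed components, recording each distinct container
   once.  Pass 2 frees a recorded container only if no surviving component uses it. */
int cleanup_failed(struct component **head)
{
    struct container *pending[8];   /* overflow would leak, never double free */
    int n = 0, freed = 0;
    for (struct component **pp = head; *pp; ) {
        struct component *c = *pp;
        if (!c->failed) { pp = &c->next; continue; }
        *pp = c->next;
        int seen = 0;
        for (int i = 0; i < n; i++) seen |= (pending[i] == c->cls);
        if (!seen && c->cls && n < 8) pending[n++] = c->cls;
        free(c);
    }
    for (int i = 0; i < n; i++) {
        int used = 0;
        for (struct component *c = *head; c; c = c->next) used |= (c->cls == pending[i]);
        if (!used) { free(pending[i]); freed++; }
    }
    return freed;                   /* number of containers released */
}
/* Constructed case: A and B share container X, C owns Y; B and C always fail. */
int demo(int a_failed)
{
    struct container *x = malloc(sizeof *x), *y = malloc(sizeof *y);
    if (!x || !y) abort();
    x->id = 1; y->id = 2;
    struct component *head = add(add(add(NULL, y, 1), x, 1), x, a_failed);
    int freed = cleanup_failed(&head);
    if (a_failed) return head == NULL ? freed : -1;
    int ok = head && !head->next && head->cls == x && x->id == 1;
    free(head); free(x);
    return ok ? freed : -1;
}
int main(void) { return (demo(0) == 1 && demo(1) == 2) ? 0 : 1; }
```

Freeing `c->cls` inside the first loop instead reproduces the bug class the message describes: component A would keep a pointer to the released X.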
