https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66528
--- Comment #4 from Manuel López-Ibáñez <manu at gcc dot gnu.org> --- (In reply to Thomas Koenig from comment #3) > (In reply to Dominique d'Humieres from comment #2) > > > Usual suspect r223677 (pr66082). > > I don't believe that a change to trans-array.c can cause > a parsing failure. I would rather suspect r223614 . Yes, this is my fault. diagnostic_finish tries to free the output_buffer, but the error_buffer is statically allocated. I think this should be enough: --- error.c (revision 223651) +++ error.c (working copy) @@ -1379,12 +1379,12 @@ gfc_error_check (void) output_buffer *tmp_buffer = pp->buffer; pp->buffer = pp_error_buffer; pp_really_flush (pp); ++errorcount; gcc_assert (gfc_output_buffer_empty_p (pp_error_buffer)); - diagnostic_action_after_output (global_dc, DK_ERROR); pp->buffer = tmp_buffer; + diagnostic_action_after_output (global_dc, DK_ERROR); return true; } return false; } However, a better fix may be to make the error_buffer also dynamically allocated like the warning_buffer. Not sure why I did the change. (It would be nice to have a testcase testing this in the regression testsuite.) > Here is the first error reported by valgrind: > > ==1154== Invalid free() / delete / delete[] / realloc() > ==1154== at 0x4C28ADC: free (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==1154== by 0x126B11B: diagnostic_finish(diagnostic_context*) > (diagnostic.c:230) > ==1154== by 0x126BF11: > diagnostic_action_after_output(diagnostic_context*, diagnostic_t) > (diagnostic.c:566) > ==1154== by 0x63FB0B: gfc_error_check() (error.c:1384) > ==1154== by 0x687E47: decode_statement() (parse.c:554) > ==1154== by 0x689740: next_statement() (parse.c:1048) > ==1154== by 0x68BA0C: parse_executable(gfc_statement) (parse.c:4593) > ==1154== by 0x68C430: parse_executable(gfc_statement) (parse.c:3519) > ==1154== by 0x68CA06: parse_progunit(gfc_statement) (parse.c:4976) > ==1154== by 0x68E167: gfc_parse_file() (parse.c:5424) > ==1154== by 0x6CE642: gfc_be_parse_file() (f95-lang.c:215) > ==1154== by 0xBCA44E: compile_file() (toplev.c:560) > ==1154== Address 0x1cfefa8 is 8 bytes inside data symbol "_ZL12error_buffer"