https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99307
Tobias Burnus <burnus at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |burnus at gcc dot gnu.org --- Comment #4 from Tobias Burnus <burnus at gcc dot gnu.org> --- (In reply to Dominique d'Humieres from comment #1) > Reduced test While -fsanitize=address,undefined does not find anything on x86_64-gnu-linux, I do see with valgrind: ==98347== Invalid write of size 8 ==98347== at 0x40397E: test_t1_ (ijd.f90:43) ==98347== by 0x403A4E: MAIN__ (ijd.f90:60) ==98347== by 0x403A85: main (ijd.f90:61) ==98347== Address 0x4f55c98 is 8 bytes inside a block of size 12 alloc'd ==98347== at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==98347== by 0x402A6D: test_t1_ (ijd.f90:40) ==98347== by 0x403A4E: MAIN__ (ijd.f90:60) ==98347== by 0x403A85: main (ijd.f90:61) That's: x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)] y = x x = realloc_t1 (y) ! <<< line 40, 8 bytes alloc'd inside block of size 12 x = realloc_t1 (x) x = x(3:1:-1) + y x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)] ! <<< line 43, invalid write of size 8 Looking at the Fortran code, x and y have the dynamic type T2 until 'realloc_t1', which turns this into the dynamic type T1. In the last line (line 43), the dynamic type changes again to T2. In terms of memory usage: 3*8bytes before the first realloc_t1 call, then 3*4bytes and for the last line again 3*8bytes. * * * It seems as if the reallocation does not work properly if the dynamic type changes – at least not if the required size increased in the assignment. (The valgrind message implies that shrinking did work in line 40.)