https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99307
--- Comment #5 from Paul Thomas <pault at gcc dot gnu.org> --- (In reply to Tobias Burnus from comment #4) > (In reply to Dominique d'Humieres from comment #1) > > Reduced test > > While -fsanitize=address,undefined does not find anything on > x86_64-gnu-linux, I do see with valgrind: > > ==98347== Invalid write of size 8 > ==98347== at 0x40397E: test_t1_ (ijd.f90:43) > ==98347== by 0x403A4E: MAIN__ (ijd.f90:60) > ==98347== by 0x403A85: main (ijd.f90:61) > ==98347== Address 0x4f55c98 is 8 bytes inside a block of size 12 alloc'd > ==98347== at 0x483DFAF: realloc (in > /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) > ==98347== by 0x402A6D: test_t1_ (ijd.f90:40) > ==98347== by 0x403A4E: MAIN__ (ijd.f90:60) > ==98347== by 0x403A85: main (ijd.f90:61) > > That's: > x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)] > y = x > x = realloc_t1 (y) ! <<< line 40, 8 bytes alloc'd inside block of size 12 > x = realloc_t1 (x) > x = x(3:1:-1) + y > x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)] ! <<< line 43, invalid write of > size 8 > > Looking at the Fortran code, > x and y have the dynamic type T2 until 'realloc_t1', which turns this into > the dynamic type T1. > > In the last line (line 43), the dynamic type changes again to T2. > > In terms of memory usage: 3*8bytes before the first realloc_t1 call, then > 3*4bytes and for the last line again 3*8bytes. > > * * * > > It seems as if the reallocation does not work properly if the dynamic type > changes – at least not if the required size increased in the assignment. > (The valgrind message implies that shrinking did work in line 40.) I am unable to see why this is happening. The valgrind complaints go away if a different array size is assigned before the changes in type. For some reason, it seems that the vptr->size is not being read correctly or is never set. Paul
