[Bug fortran/110987] New: Segmentation fault after finalization of a temporary variable

Fri, 11 Aug 2023 02:11:36 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110987

            Bug ID: 110987
           Summary: Segmentation fault after finalization of a temporary
                    variable
           Product: gcc
           Version: 13.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: chilikin.k at gmail dot com
  Target Milestone: ---

Created attachment 55720
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=55720&action=edit
Test case

The attached test program works fine with gfortran 12.2.0 and crashes with
a segmentation fault when compiled with gfortran 13.2.0. The compilation
command is

gfortran -g -o test test.f90

The segmentation fault happens when the function T1_GET_NEXT() tries to access
SELF%NEXT(1)%T1, which is deallocated and overwritten:

$ valgrind ./test

==1651009== Invalid read of size 8
==1651009==    at 0x40251D: __test_module_MOD_t1_get_next (in test)
==1651009==    by 0x403678: MAIN__ (in test)
==1651009==    by 0x4036D0: main (in test)
==1651009==  Address 0x4e92d48 is 8 bytes inside a block of size 16 free'd
==1651009==    at 0x48399AB: free (vg_replace_malloc.c:538)
==1651009==    by 0x402876: __test_module_MOD_t1_destructor (in test)
==1651009==    by 0x401812: __test_module_MOD___final_test_module_T1 (in test)
==1651009==    by 0x4035CF: MAIN__ (in test)
==1651009==    by 0x4036D0: main (in test)
==1651009==  Block was alloc'd at
==1651009==    at 0x483877F: malloc (vg_replace_malloc.c:307)
==1651009==    by 0x4026AF: __test_module_MOD_t1_set_n_next (in test)
==1651009==    by 0x402466: __test_module_MOD_t2_constructor (in test)
==1651009==    by 0x402E93: MAIN__ (in test)
==1651009==    by 0x4036D0: main (in test)

The corresponding part of the output of

$ objdump -S ./test | less

is attached. The final-subroutine call which incorrectly deallocates memory
happens at 4035cd, between the calls of __test_module_MOD_t3_constructor and
__test_module_MOD_t1_set_n_next. Thus, the finalization seems to happen for
the temporary variable allocated as the result of T3() call, which is assigned
then to X3, and the memory corresponding to

    CLASS(T1_POINTER), ALLOCATABLE :: NEXT(:)

is probably the same for that temporary variable and X3 (in contradiction with
10.2.1.3.13 item (2) of Fortran 2018?).

May be related to the fix of bug 80524.

Reply via email to