https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60576
--- Comment #42 from anlauf at gcc dot gnu.org --- Created attachment 64223 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=64223&action=edit Reduced testcase This reproduces the issue here when passing assumed-rank type to assumed-rank class arrays, see indicated line. The issue vanished if I comment the call. % gfc-16 assumed_rank_7a.f90 -fsanitize=address && ./a.out ================================================================= ==1234118==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x10d47a0f00e8 at pc 0x14d47c9270cc bp 0x7ffe82cae130 sp 0x7ffe82cad8f0 READ of size 360 at 0x10d47a0f00e8 thread T0 #0 0x14d47c9270cb in memcpy ../../../../gcc-trunk/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:117 #1 0x0000004027a2 in bar.2 (/home/anlauf/gcc-bugs/a.out+0x4027a2) #2 0x000000401711 in MAIN__ (/home/anlauf/gcc-bugs/a.out+0x401711) #3 0x0000004028e6 in main (/home/anlauf/gcc-bugs/a.out+0x4028e6) #4 0x14d47c14833f in __libc_start_call_main (/lib64/libc.so.6+0x2a33f) (BuildId: 09f0d581f82df95136a7f988671000cd633b639d) #5 0x14d47c148408 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2a408) (BuildId: 09f0d581f82df95136a7f988671000cd633b639d) #6 0x0000004011c4 in _start ../sysdeps/x86_64/start.S:115 Address 0x10d47a0f00e8 is located in stack of thread T0 at offset 232 in frame #0 0x000000401335 in MAIN__ (/home/anlauf/gcc-bugs/a.out+0x401335) This frame has 4 object(s): [48, 56) 'FRAME.21' (line 2) [80, 104) 'at' (line 7) [144, 232) 'parm.8' (line 10) [272, 800) 'dt_parm.9' (line 11) <== Memory access at offset 232 partially underflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/anlauf/gcc-bugs/a.out+0x4027a2) in bar.2 Shadow bytes around the buggy address: 0x10d47a0efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0efe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0eff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0f0000: f1 f1 f1 f1 f1 f1 00 f2 f2 f2 00 00 00 f2 f2 f2 =>0x10d47a0f0080: f2 f2 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 0x10d47a0f0100: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0f0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0f0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0f0280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10d47a0f0300: 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==1234118==ABORTING
