http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46884
           Summary: Use of charlen after free
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Keywords: ice-on-valid-code
          Severity: normal
          Priority: P3
         Component: fortran
        AssignedTo: ja...@gcc.gnu.org
        ReportedBy: ja...@gcc.gnu.org

On:

      SUBROUTINE F
      IMPLICIT CHARACTER*12 (C)
      CALL G(C1)
      CALL H(C1(1:4))
      END

I get:

valgrind -q ./f951 -quiet r.f
==15321== Invalid read of size 8
==15321==    at 0x51F16A: resolve_substring (resolve.c:4593)
==15321==    by 0x51F59F: resolve_ref (resolve.c:4706)
==15321==    by 0x51FB21: resolve_variable (resolve.c:4919)
==15321==    by 0x521FAF: gfc_resolve_expr (resolve.c:6020)
==15321==    by 0x518918: resolve_actual_arglist (resolve.c:1556)
==15321==    by 0x51CAE5: resolve_call (resolve.c:3541)
==15321==    by 0x527DB7: resolve_code (resolve.c:9000)
==15321==    by 0x531A39: resolve_codes (resolve.c:13381)
==15321==    by 0x531B37: gfc_resolve (resolve.c:13408)
==15321==    by 0x50F3EE: resolve_all_program_units (parse.c:4201)
==15321==    by 0x50FA6F: gfc_parse_file (parse.c:4430)
==15321==    by 0x5542A3: gfc_be_parse_file (f95-lang.c:250)
==15321==  Address 0x535f0d0 is 0 bytes inside a block of size 48 free'd
==15321==    at 0x4A05187: free (vg_replace_malloc.c:325)
==15321==    by 0x4F9F05: gfc_free (misc.c:51)
==15321==    by 0x54B644: gfc_free_charlen (symbol.c:3253)
==15321==    by 0x50BC85: reject_statement (parse.c:1655)
==15321==    by 0x508C7E: match_word (parse.c:70)
==15321==    by 0x509450: decode_statement (parse.c:280)
==15321==    by 0x50AFA4: next_fixed (parse.c:864)
==15321==    by 0x50B0A0: next_statement (parse.c:913)
==15321==    by 0x50E7B7: parse_executable (parse.c:3737)
==15321==    by 0x50EE31: parse_progunit (parse.c:3955)
==15321==    by 0x50F78D: gfc_parse_file (parse.c:4327)
==15321==    by 0x5542A3: gfc_be_parse_file (f95-lang.c:250)
==15321==

with a larger testcase that actually leads to ICE even without valgrind.