[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2023-08-26 Thread mikael at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Mikael Morin  changed:

   What|Removed |Added

 CC||mikael at gcc dot gnu.org

--- Comment #6 from Mikael Morin  ---
Can't reproduce with recent master (14.0.0 20230814).

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2020-04-06 Thread foreese at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Fritz Reese  changed:

   What|Removed |Added

  Known to fail||10.0
 CC||foreese at gcc dot gnu.org
   Last reconfirmed|2018-07-24 00:00:00 |2020-4-6

--- Comment #5 from Fritz Reese  ---
I can confirm using valgrind that the invalid read is still present on trunk:

[...]
$ gfortran --version |& head -n1
GNU Fortran (GCC) 10.0.1 20200406 (experimental)
$ valgrind --track-origins=yes f951 -fdec dec_type_print_2.f03
==16491== Invalid read of size 1
==16491==    at 0x8721CA: gfc_add_flavor(symbol_attribute*, sym_flavor, char const*, locus*) (symbol.c:1775)
==16491==    by 0x8724E8: gfc_add_generic(symbol_attribute*, char const*, locus*) (symbol.c:1710)
==16491==    by 0x7C2BDD: gfc_match_derived_decl() [clone .part.0] (decl.c:10434)
==16491==    by 0x7C3518: gfc_match_derived_decl (decl.c:10339)
==16491==    by 0x7C3518: gfc_match_type(gfc_statement*) (decl.c:10311)
==16491==    by 0x8293C8: decode_statement() (parse.c:418)
==16491==    by 0x82EC84: next_free (parse.c:1279)
==16491==    by 0x82EC84: next_statement() (parse.c:1511)
==16491==    by 0x8307BC: parse_spec(gfc_statement) (parse.c:3922)
==16491==    by 0x8334FC: parse_progunit(gfc_statement) (parse.c:5851)
==16491==    by 0x834BE6: gfc_parse_file() (parse.c:6392)
==16491==    by 0x88529F: gfc_be_parse_file() (f95-lang.c:210)
==16491==    by 0xDEA153: compile_file() (toplev.c:458)
==16491==    by 0x78E62B: do_compile (toplev.c:2273)
==16491==    by 0x78E62B: toplev::main(int, char**) (toplev.c:2412)
==16491==  Address 0x5f93a38 is 280 bytes inside a block of size 344 free'd
==16491==    at 0x4C2AF9D: free (vg_replace_malloc.c:540)
==16491==    by 0x8758C1: gfc_restore_last_undo_checkpoint() (symbol.c:3697)
==16491==    by 0x8293B1: decode_statement() (parse.c:414)
==16491==    by 0x82EC84: next_free (parse.c:1279)
==16491==    by 0x82EC84: next_statement() (parse.c:1511)
==16491==    by 0x8307BC: parse_spec(gfc_statement) (parse.c:3922)
==16491==    by 0x8334FC: parse_progunit(gfc_statement) (parse.c:5851)
==16491==    by 0x834BE6: gfc_parse_file() (parse.c:6392)
==16491==    by 0x88529F: gfc_be_parse_file() (f95-lang.c:210)
==16491==    by 0xDEA153: compile_file() (toplev.c:458)
==16491==    by 0x78E62B: do_compile (toplev.c:2273)
==16491==    by 0x78E62B: toplev::main(int, char**) (toplev.c:2412)
==16491==    by 0x7921DE: main (main.c:39)
==16491==  Block was alloc'd at
==16491==    at 0x4C2BFB9: calloc (vg_replace_malloc.c:762)
==16491==    by 0x18A48C0: xcalloc (xmalloc.c:162)
==16491==    by 0x874EBE: gfc_new_symbol (symbol.c:3131)
==16491==    by 0x874EBE: gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) (symbol.c:3365)
==16491==    by 0x875283: gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**) (symbol.c:3418)
==16491==    by 0x801D46: gfc_match_label() (match.c:614)
==16491==    by 0x804770: gfc_match_forall(gfc_statement*) (match.c:2555)
==16491==    by 0x8293A3: decode_statement() (parse.c:412)
==16491==    by 0x82EC84: next_free (parse.c:1279)
==16491==    by 0x82EC84: next_statement() (parse.c:1511)
==16491==    by 0x8307BC: parse_spec(gfc_statement) (parse.c:3922)
==16491==    by 0x8334FC: parse_progunit(gfc_statement) (parse.c:5851)
==16491==    by 0x834BE6: gfc_parse_file() (parse.c:6392)
==16491==    by 0x88529F: gfc_be_parse_file() (f95-lang.c:210)
==16491== 
==16491== Invalid read of size 1
==16491==    at 0x8721CA: gfc_add_flavor(symbol_attribute*, sym_flavor, char const*, locus*) (symbol.c:1775)
==16491==    by 0x7C2C4A: gfc_match_derived_decl() [clone .part.0] (decl.c:10478)
==16491==    by 0x7C3518: gfc_match_derived_decl (decl.c:10339)
==16491==    by 0x7C3518: gfc_match_type(gfc_statement*) (decl.c:10311)
==16491==    by 0x8293C8: decode_statement() (parse.c:418)
==16491==    by 0x82EC84: next_free (parse.c:1279)
==16491==    by 0x82EC84: next_statement() (parse.c:1511)
==16491==    by 0x8307BC: parse_spec(gfc_statement) (parse.c:3922)
==16491==    by 0x8334FC: parse_progunit(gfc_statement) (parse.c:5851)
==16491==    by 0x834BE6: gfc_parse_file() (parse.c:6392)
==16491==    by 0x88529F: gfc_be_parse_file() (f95-lang.c:210)
==16491==    by 0xDEA153: compile_file() (toplev.c:458)
==16491==    by 0x78E62B: do_compile (toplev.c:2273)
==16491==    by 0x78E62B: toplev::main(int, char**) (toplev.c:2412)
==16491==    by 0x7921DE: main (main.c:39)
==16491==  Address 0x5f93a38 is 280 bytes inside a block of size 344 free'd
==16491==    at 0x4C2AF9D: free (vg_replace_malloc.c:540)
==16491==    by 0x8758C1: gfc_restore_last_undo_checkpoint() (symbol.c:3697)
==16491==    by 0x8293B1: decode_statement() (parse.c:414)
==16491==    by 0x82EC84: next_free (parse.c:1279)
==16491==    by 0x82EC84: next_statement() (parse.c:1511)
==16491==    by 0x8307BC: 
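
An added example, not part of the bug thread or of GCC: a small Python triage helper that splits a memcheck use-after-free report like the one in comment #5 into its access, free and allocation stacks, then finds the innermost caller all three share. The embedded report is abridged from that comment; `parse_report` and `common_caller` are hypothetical names.

```python
import re

# Abridged from the memcheck report in comment #5 (frames dropped, wrapped lines joined).
REPORT = """\
==16491== Invalid read of size 1
==16491==    at 0x8721CA: gfc_add_flavor(symbol_attribute*, sym_flavor, char const*, locus*) (symbol.c:1775)
==16491==    by 0x8724E8: gfc_add_generic(symbol_attribute*, char const*, locus*) (symbol.c:1710)
==16491==    by 0x7C3518: gfc_match_type(gfc_statement*) (decl.c:10311)
==16491==    by 0x8293C8: decode_statement() (parse.c:418)
==16491==  Address 0x5f93a38 is 280 bytes inside a block of size 344 free'd
==16491==    at 0x4C2AF9D: free (vg_replace_malloc.c:540)
==16491==    by 0x8758C1: gfc_restore_last_undo_checkpoint() (symbol.c:3697)
==16491==    by 0x8293B1: decode_statement() (parse.c:414)
==16491==  Block was alloc'd at
==16491==    at 0x4C2BFB9: calloc (vg_replace_malloc.c:762)
==16491==    by 0x874EBE: gfc_new_symbol (symbol.c:3131)
==16491==    by 0x801D46: gfc_match_label() (match.c:614)
==16491==    by 0x804770: gfc_match_forall(gfc_statement*) (match.c:2555)
==16491==    by 0x8293A3: decode_statement() (parse.c:412)
"""

# One stack frame: "==PID==    at|by 0xADDR: function[(args)] (file:line)"
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\w[\w:]*).*\((\S+?):(\d+)\)$")

def parse_report(text):
    """Split one memcheck error into its 'access', 'free' and 'alloc' stacks."""
    stacks = {"access": [], "free": [], "alloc": []}
    current = "access"
    for line in text.splitlines():
        if "free'd" in line:          # "Address ... inside a block ... free'd"
            current = "free"
        elif "alloc'd" in line:       # "Block was alloc'd at"
            current = "alloc"
        else:
            m = FRAME.match(line)
            if m:
                stacks[current].append((m.group(1), m.group(2), int(m.group(3))))
    return stacks

def common_caller(stacks):
    """Innermost function present in all three stacks, with its (file, line) in each."""
    for func, _, _ in stacks["access"]:
        sites = {}
        for kind, frames in stacks.items():
            hits = [(f, ln) for name, f, ln in frames if name == func]
            if hits:
                sites[kind] = hits[0]
        if len(sites) == 3:
            return func, sites
    return None
```

On this report the shared caller is `decode_statement`: the block is allocated under the call at parse.c:412, freed under the call at parse.c:414, and read under the call at parse.c:418.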

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2019-06-06 Thread dominiq at lps dot ens.fr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Dominique d'Humieres  changed:

   What|Removed |Added

 CC||pault at gcc dot gnu.org
 Blocks|86656   |82173

--- Comment #4 from Dominique d'Humieres  ---
> So the test-case needs -fdec which is described as:

The test in comment 2 has nothing to do with -fdec, but is likely another
problem with parameterized derived types triggered by asan and -fdec.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82173
[Bug 82173] [meta-bug] Parameterized derived type errors
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86656
[Bug 86656] [meta-bug] Issues found with -fsanitize=address

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2019-06-06 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Martin Liška  changed:

   What|Removed |Added

 Status|ASSIGNED|NEW
   Assignee|marxin at gcc dot gnu.org  |unassigned at gcc dot gnu.org

--- Comment #3 from Martin Liška  ---
So the test-case needs -fdec which is described as:
These features are non-standard and should be avoided at all costs.

So I leave the issue.

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2019-06-06 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

--- Comment #2 from Martin Liška  ---
Reduced test-case:

$ cat dec.f03
  type :: mytype (a,b)
    integer, kind :: a
    integer, LEN :: b

  end type
end

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2019-06-06 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Martin Liška  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|unassigned at gcc dot gnu.org  |marxin at gcc dot gnu.org

[Bug fortran/86657] ASAN error: heap-use-after-free gcc/fortran/symbol.c:1762 in gfc_add_flavor

2018-07-24 Thread dominiq at lps dot ens.fr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86657

Dominique d'Humieres  changed:

   What|Removed |Added

   Priority|P3  |P4
 Status|UNCONFIRMED |NEW
   Last reconfirmed||2018-07-24
 Ever confirmed|0   |1

--- Comment #1 from Dominique d'Humieres  ---
Confirmed for 8.1.0 and trunk (9.0).