public inbox for fortran@gcc.gnu.org
 help / color / mirror / Atom feed
* [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501]
@ 2023-01-23 20:34 Harald Anlauf
  2023-01-23 20:46 ` Steve Kargl
  0 siblings, 1 reply; 2+ messages in thread
From: Harald Anlauf @ 2023-01-23 20:34 UTC (permalink / raw)
  To: fortran, gcc-patches

[-- Attachment #1: Type: text/plain, Size: 378 bytes --]

Dear all,

we did not check array element triplets for validity strictly enough
(i.e. defensively in the case of invalid code), so we could encounter
non-integer constant expressions that were passed to mpz_get_si.

The attached obvious patch tries to fix all such potential issues
in get_expr_storage_size.

Regtested on x86_64-pc-linux-gnu.  OK for mainline?

Thanks,
Harald


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: pr108501.diff --]
[-- Type: text/x-patch, Size: 4060 bytes --]

From 771d793df1622a476e1cf8d05f0a6aee350fa56b Mon Sep 17 00:00:00 2001
From: Harald Anlauf <anlauf@gmx.de>
Date: Mon, 23 Jan 2023 21:19:03 +0100
Subject: [PATCH] Fortran: avoid ICE on invalid array subscript triplets
 [PR108501]

gcc/fortran/ChangeLog:

	PR fortran/108501
	* interface.cc (get_expr_storage_size): Check array subscript triplets
	that we actually have integer values before trying to extract with
	mpz_get_si.

gcc/testsuite/ChangeLog:

	PR fortran/108501
	* gfortran.dg/pr108501.f90: New test.
---
 gcc/fortran/interface.cc               | 23 ++++++++++++++++-------
 gcc/testsuite/gfortran.dg/pr108501.f90 | 14 ++++++++++++++
 2 files changed, 30 insertions(+), 7 deletions(-)
 create mode 100644 gcc/testsuite/gfortran.dg/pr108501.f90

diff --git a/gcc/fortran/interface.cc b/gcc/fortran/interface.cc
index 9593fa83c45..dafe41753b7 100644
--- a/gcc/fortran/interface.cc
+++ b/gcc/fortran/interface.cc
@@ -2910,7 +2910,8 @@ get_expr_storage_size (gfc_expr *e)

 	    if (ref->u.ar.stride[i])
 	      {
-		if (ref->u.ar.stride[i]->expr_type == EXPR_CONSTANT)
+		if (ref->u.ar.stride[i]->expr_type == EXPR_CONSTANT
+		    && ref->u.ar.stride[i]->ts.type == BT_INTEGER)
 		  stride = mpz_get_si (ref->u.ar.stride[i]->value.integer);
 		else
 		  return 0;
@@ -2918,26 +2919,30 @@ get_expr_storage_size (gfc_expr *e)

 	    if (ref->u.ar.start[i])
 	      {
-		if (ref->u.ar.start[i]->expr_type == EXPR_CONSTANT)
+		if (ref->u.ar.start[i]->expr_type == EXPR_CONSTANT
+		    && ref->u.ar.start[i]->ts.type == BT_INTEGER)
 		  start = mpz_get_si (ref->u.ar.start[i]->value.integer);
 		else
 		  return 0;
 	      }
 	    else if (ref->u.ar.as->lower[i]
-		     && ref->u.ar.as->lower[i]->expr_type == EXPR_CONSTANT)
+		     && ref->u.ar.as->lower[i]->expr_type == EXPR_CONSTANT
+		     && ref->u.ar.as->lower[i]->ts.type == BT_INTEGER)
 	      start = mpz_get_si (ref->u.ar.as->lower[i]->value.integer);
 	    else
 	      return 0;

 	    if (ref->u.ar.end[i])
 	      {
-		if (ref->u.ar.end[i]->expr_type == EXPR_CONSTANT)
+		if (ref->u.ar.end[i]->expr_type == EXPR_CONSTANT
+		    && ref->u.ar.end[i]->ts.type == BT_INTEGER)
 		  end = mpz_get_si (ref->u.ar.end[i]->value.integer);
 		else
 		  return 0;
 	      }
 	    else if (ref->u.ar.as->upper[i]
-		     && ref->u.ar.as->upper[i]->expr_type == EXPR_CONSTANT)
+		     && ref->u.ar.as->upper[i]->expr_type == EXPR_CONSTANT
+		     && ref->u.ar.as->upper[i]->ts.type == BT_INTEGER)
 	      end = mpz_get_si (ref->u.ar.as->upper[i]->value.integer);
 	    else
 	      return 0;
@@ -2978,7 +2983,9 @@ get_expr_storage_size (gfc_expr *e)
 		  || ref->u.ar.as->upper[i] == NULL
 		  || ref->u.ar.as->lower[i] == NULL
 		  || ref->u.ar.as->upper[i]->expr_type != EXPR_CONSTANT
-		  || ref->u.ar.as->lower[i]->expr_type != EXPR_CONSTANT)
+		  || ref->u.ar.as->lower[i]->expr_type != EXPR_CONSTANT
+		  || ref->u.ar.as->upper[i]->ts.type != BT_INTEGER
+		  || ref->u.ar.as->lower[i]->ts.type != BT_INTEGER)
 		return 0;

 	      elements
@@ -3000,7 +3007,9 @@ get_expr_storage_size (gfc_expr *e)
 	    {
 	      if (!as->upper[i] || !as->lower[i]
 		  || as->upper[i]->expr_type != EXPR_CONSTANT
-		  || as->lower[i]->expr_type != EXPR_CONSTANT)
+		  || as->lower[i]->expr_type != EXPR_CONSTANT
+		  || as->upper[i]->ts.type != BT_INTEGER
+		  || as->lower[i]->ts.type != BT_INTEGER)
 		return 0;

 	      elements = elements
diff --git a/gcc/testsuite/gfortran.dg/pr108501.f90 b/gcc/testsuite/gfortran.dg/pr108501.f90
new file mode 100644
index 00000000000..09ab8c9f34f
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr108501.f90
@@ -0,0 +1,14 @@
+! { dg-do compile }
+! PR fortran/108501 - ICE in get_expr_storage_size
+! Contributed by G.Steinmetz
+
+program p
+  real, parameter :: n = 2
+  real :: a(1,(n),2) ! { dg-error "must be of INTEGER type" }
+  call s(a(:,:,1))
+end
+subroutine s(x)
+  real :: x(2)
+end
+
+! { dg-prune-output "must have constant shape" }
--
2.35.3


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501]
  2023-01-23 20:34 [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501] Harald Anlauf
@ 2023-01-23 20:46 ` Steve Kargl
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Kargl @ 2023-01-23 20:46 UTC (permalink / raw)
  To: Harald Anlauf via Fortran; +Cc: gcc-patches

On Mon, Jan 23, 2023 at 09:34:59PM +0100, Harald Anlauf via Fortran wrote:
> 
> we did not check array element triplets for validity strictly enough
> (i.e. defensively in the case of invalid code), so we could encounter
> non-integer constant expressions that were passed to mpz_get_si.
> 
> The attached obvious patch tries to fix all such potential issues
> in get_expr_storage_size.
> 
> Regtested on x86_64-pc-linux-gnu.  OK for mainline?
> 

Yes.  Thanks for the patch.

-- 
Steve

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-01-23 20:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-23 20:34 [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501] Harald Anlauf
2023-01-23 20:46 ` Steve Kargl

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).