From: Harald Anlauf
To: fortran, gcc-patches
Subject: [PATCH] PR fortran/96381 - invalid read in gfc_find_derived_vtab
Date: Fri, 1 Jan 2021 17:14:33 +0100

Dear all, happy New Year!

The testcase committed with the fix for PR93337 uncovered a latent issue with an invalid read that was discovered with an ASAN instrumented compiler but which could also be verified by running f951 under valgrind.

According to my gdb sessions the invalid read happens when processing a statement that refers to a rejected declaration of a CLASS instance. We simply should not try to look up the vtab entry in such cases.

All variations of the testcase gfortran.dg/pr93337.f90 that I tried on x86_64-pc-linux-gnu with the patch below appeared to behave clean running f951 under valgrind.

Regtested on x86_64-pc-linux-gnu. OK for master?

Since the fix for PR93337 was applied to 9/10/11, I intend to backport after suitable waiting time.

Thanks,
Harald

PR fortran/96381 - invalid read in gfc_find_derived_vtab

An invalid declaration of a CLASS instance can lead to an internal state with inconsistent attributes during parsing that needs to be handled with sufficient care when processing subsequent statements. Avoid a lookup of the vtab entry for such cases.

gcc/fortran/ChangeLog:

	* class.c (gfc_find_vtab): Add check on attribute is_class.

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c index 5677d920239..783e4c7354b 100644 --- a/gcc/fortran/class.c +++ b/gcc/fortran/class.c @@ -2906,7 +2906,9 @@ gfc_find_vtab (gfc_typespec *ts) case BT_DERIVED: return gfc_find_derived_vtab (ts->u.derived); case BT_CLASS: - if (ts->u.derived->components && ts->u.derived->components->ts.u.derived) + if (ts->u.derived->attr.is_class + && ts->u.derived->components + && ts->u.derived->components->ts.u.derived) return gfc_find_derived_vtab (ts->u.derived->components->ts.u.derived); else return NULL;
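
Review bot: The added ts->u.derived->attr.is_class test in the BT_CLASS case carries no comment, so a later reader of class.c cannot tell why a BT_CLASS typespec may hold a derived type that is not a class container. A one-line comment above the condition, saying that a rejected CLASS declaration can leave the typespec in this state and that components must then not be followed, would keep the guard from being dropped as redundant. The condition still dereferences ts->u.derived without a NULL check, as the old one did; it is worth confirming that error recovery cannot leave it NULL on this path. The ChangeLog lists only class.c, so a regression of this guard would go unnoticed unless f951 is run under ASAN or valgrind; saying so in the PR would help whoever handles the backport.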