From: Harald Anlauf
To: fortran, gcc-patches
Subject: [PATCH] PR fortran/99147 - Sanitizer detects heap-use-after-free in gfc_add_flavor
Date: Thu, 18 Feb 2021 22:12:21 +0100

Dear all, the PR reports an issue detected with an
ASAN instrumented compiler, which can also be verified with valgrind. It appears that the state of gfc_new_block could be such that it should not be dereferenced. Reversing the order of condition evaluation helped.

I failed to find out why this should happen, but then other places in the code put dereferences of gfc_new_block behind other checks. Simple things like initializing gfc_new_block with NULL in decl.c did not help.

Regtested on x86_64-pc-linux-gnu. No testcase added since the issue can be found only with an instrumented compiler or valgrind.

I consider the patch to be obvious and trivial, but post it here in case somebody wants to dig deeper.

OK for master?

Thanks,
Harald

PR fortran/99147 - Sanitizer detects heap-use-after-free in gfc_add_flavor

Reverse order of conditions to avoid invalid read.

gcc/fortran/ChangeLog:

	* symbol.c (gfc_add_flavor): Reverse order of conditions.

--rehcsed-31fed612-7330-4b76-a19d-7932f40ab15a Content-Type: text/x-patch Content-Disposition: attachment; filename=pr99147.patch Content-Transfer-Encoding: quoted-printable diff --git a/gcc/fortran/symbol.c b/gcc/fortran/symbol.c index 3b988d1be22..e982374d9d1 100644 =2D-- a/gcc/fortran/symbol.c +++ b/gcc/fortran/symbol.c @@ -1772,8 +1772,8 @@ gfc_add_flavor (symbol_attribute *attr, sym_flavor f= , const char *name, /* Copying a procedure dummy argument for a module procedure in a submodule results in the flavor being copied and would result in an error without this. */ - if (gfc_new_block && gfc_new_block->abr_modproc_decl - && attr->flavor =3D=3D f && f =3D=3D FL_PROCEDURE) + if (attr->flavor =3D=3D f && f =3D=3D FL_PROCEDURE + && gfc_new_block && gfc_new_block->abr_modproc_decl) return true; if (attr->flavor !=3D FL_UNKNOWN) --rehcsed-31fed612-7330-4b76-a19d-7932f40ab15a--
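
Review bot: The reordered condition in gfc_add_flavor still reads gfc_new_block->abr_modproc_decl whenever the flavor test (attr->flavor equal to f and f equal to FL_PROCEDURE) is true, so a stale gfc_new_block can still be dereferenced on that path. The "gfc_new_block &&" test only rejects a NULL pointer; it cannot tell a live block from one that has already been freed, which is the condition the sanitizer report in the subject describes. Moving the flavor test first narrows the set of calls that reach the dereference but leaves the pointer's lifetime unaddressed, and the cover letter says the cause was not found. Before this goes in as a fix, it would be worth identifying where the object behind gfc_new_block is released and clearing or reassigning the pointer at that point, so that the NULL check here becomes meaningful. If the reordering is kept as an interim measure, add a sentence to the comment above the "if" saying that the order of the operands is deliberate and why, otherwise a later cleanup could restore the original order without anyone noticing, since no testcase accompanies the change.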