From: Harald Anlauf <anlauf@gmx.de>
To: fortran <fortran@gcc.gnu.org>, gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501]
Date: Mon, 23 Jan 2023 21:34:59 +0100 [thread overview]
Message-ID: <trinity-ecf6c22d-c54d-48b8-9e31-bec40bcc5bc7-1674506099182@3c-app-gmx-bap50> (raw)
[-- Attachment #1: Type: text/plain, Size: 378 bytes --]
Dear all,
we did not check array element triplets for validity strictly enough
(i.e. defensively in the case of invalid code), so we could encounter
non-integer constant expressions that were passed to mpz_get_si.
The attached obvious patch tries to fix all such potential issues
in get_expr_storage_size.
Regtested on x86_64-pc-linux-gnu. OK for mainline?
Thanks,
Harald
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: pr108501.diff --]
[-- Type: text/x-patch, Size: 4060 bytes --]
From 771d793df1622a476e1cf8d05f0a6aee350fa56b Mon Sep 17 00:00:00 2001
From: Harald Anlauf <anlauf@gmx.de>
Date: Mon, 23 Jan 2023 21:19:03 +0100
Subject: [PATCH] Fortran: avoid ICE on invalid array subscript triplets
[PR108501]
gcc/fortran/ChangeLog:
PR fortran/108501
* interface.cc (get_expr_storage_size): Check array subscript triplets
that we actually have integer values before trying to extract with
mpz_get_si.
gcc/testsuite/ChangeLog:
PR fortran/108501
* gfortran.dg/pr108501.f90: New test.
---
gcc/fortran/interface.cc | 23 ++++++++++++++++-------
gcc/testsuite/gfortran.dg/pr108501.f90 | 14 ++++++++++++++
2 files changed, 30 insertions(+), 7 deletions(-)
create mode 100644 gcc/testsuite/gfortran.dg/pr108501.f90
diff --git a/gcc/fortran/interface.cc b/gcc/fortran/interface.cc
index 9593fa83c45..dafe41753b7 100644
--- a/gcc/fortran/interface.cc
+++ b/gcc/fortran/interface.cc
@@ -2910,7 +2910,8 @@ get_expr_storage_size (gfc_expr *e)
if (ref->u.ar.stride[i])
{
- if (ref->u.ar.stride[i]->expr_type == EXPR_CONSTANT)
+ if (ref->u.ar.stride[i]->expr_type == EXPR_CONSTANT
+ && ref->u.ar.stride[i]->ts.type == BT_INTEGER)
stride = mpz_get_si (ref->u.ar.stride[i]->value.integer);
else
return 0;
@@ -2918,26 +2919,30 @@ get_expr_storage_size (gfc_expr *e)
if (ref->u.ar.start[i])
{
- if (ref->u.ar.start[i]->expr_type == EXPR_CONSTANT)
+ if (ref->u.ar.start[i]->expr_type == EXPR_CONSTANT
+ && ref->u.ar.start[i]->ts.type == BT_INTEGER)
start = mpz_get_si (ref->u.ar.start[i]->value.integer);
else
return 0;
}
else if (ref->u.ar.as->lower[i]
- && ref->u.ar.as->lower[i]->expr_type == EXPR_CONSTANT)
+ && ref->u.ar.as->lower[i]->expr_type == EXPR_CONSTANT
+ && ref->u.ar.as->lower[i]->ts.type == BT_INTEGER)
start = mpz_get_si (ref->u.ar.as->lower[i]->value.integer);
else
return 0;
if (ref->u.ar.end[i])
{
- if (ref->u.ar.end[i]->expr_type == EXPR_CONSTANT)
+ if (ref->u.ar.end[i]->expr_type == EXPR_CONSTANT
+ && ref->u.ar.end[i]->ts.type == BT_INTEGER)
end = mpz_get_si (ref->u.ar.end[i]->value.integer);
else
return 0;
}
else if (ref->u.ar.as->upper[i]
- && ref->u.ar.as->upper[i]->expr_type == EXPR_CONSTANT)
+ && ref->u.ar.as->upper[i]->expr_type == EXPR_CONSTANT
+ && ref->u.ar.as->upper[i]->ts.type == BT_INTEGER)
end = mpz_get_si (ref->u.ar.as->upper[i]->value.integer);
else
return 0;
@@ -2978,7 +2983,9 @@ get_expr_storage_size (gfc_expr *e)
|| ref->u.ar.as->upper[i] == NULL
|| ref->u.ar.as->lower[i] == NULL
|| ref->u.ar.as->upper[i]->expr_type != EXPR_CONSTANT
- || ref->u.ar.as->lower[i]->expr_type != EXPR_CONSTANT)
+ || ref->u.ar.as->lower[i]->expr_type != EXPR_CONSTANT
+ || ref->u.ar.as->upper[i]->ts.type != BT_INTEGER
+ || ref->u.ar.as->lower[i]->ts.type != BT_INTEGER)
return 0;
elements
@@ -3000,7 +3007,9 @@ get_expr_storage_size (gfc_expr *e)
{
if (!as->upper[i] || !as->lower[i]
|| as->upper[i]->expr_type != EXPR_CONSTANT
- || as->lower[i]->expr_type != EXPR_CONSTANT)
+ || as->lower[i]->expr_type != EXPR_CONSTANT
+ || as->upper[i]->ts.type != BT_INTEGER
+ || as->lower[i]->ts.type != BT_INTEGER)
return 0;
elements = elements
diff --git a/gcc/testsuite/gfortran.dg/pr108501.f90 b/gcc/testsuite/gfortran.dg/pr108501.f90
new file mode 100644
index 00000000000..09ab8c9f34f
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr108501.f90
@@ -0,0 +1,14 @@
+! { dg-do compile }
+! PR fortran/108501 - ICE in get_expr_storage_size
+! Contributed by G.Steinmetz
+
+program p
+ real, parameter :: n = 2
+ real :: a(1,(n),2) ! { dg-error "must be of INTEGER type" }
+ call s(a(:,:,1))
+end
+subroutine s(x)
+ real :: x(2)
+end
+
+! { dg-prune-output "must have constant shape" }
--
2.35.3
next reply other threads:[~2023-01-23 20:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-23 20:34 Harald Anlauf [this message]
2023-01-23 20:46 ` Steve Kargl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=trinity-ecf6c22d-c54d-48b8-9e31-bec40bcc5bc7-1674506099182@3c-app-gmx-bap50 \
--to=anlauf@gmx.de \
--cc=fortran@gcc.gnu.org \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).