From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) by sourceware.org (Postfix) with ESMTPS id F36343858D33; Mon, 23 Jan 2023 20:35:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F36343858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmx.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1674506099; bh=uRUEgZcmPVDUvBFaeEFMXzmrsadtyVsrvn76w7uL1tk=; h=X-UI-Sender-Class:From:To:Subject:Date; b=qyAqeKlPMO6u9N8fiJP3TVvfw81a206gs4oY+gXHgrnRhQFfT7XswKjGI909MBjMG 1eKRLLGM4LGQT42dZ+SL+bhTEO6I4uskE3N6vqhDboJBhux+3PYKS+1vK4NGnyGwEq Xmrcbvv76jiaCLoh++zrgLuZrG0gtjcHBGmlGODJHxkXzmT5YWfqYOLvkKGvwCq8i7 +3BD1PcTgjKpPkKkGrV0SrRjNWcQ6kHGoVlZHK7XnTkjewaQiQLwVd6jCLwPXNUSJa cGosPstBbSYxIEakd6Lq3H8jhI0cfir8FGk10yxwod8MYecfsRuMStRGp4gcLyoXOm TNG1cidpYDPDw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [93.207.90.148] ([93.207.90.148]) by web-mail.gmx.net (3c-app-gmx-bap50.server.lan [172.19.172.120]) (via HTTP); Mon, 23 Jan 2023 21:34:59 +0100 MIME-Version: 1.0 Message-ID: From: Harald Anlauf To: fortran , gcc-patches Subject: [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501] Content-Type: multipart/mixed; boundary=kenitram-1ae72634-8b9c-46cb-a817-a00bbb473a7f Date: Mon, 23 Jan 2023 21:34:59 +0100 Importance: normal Sensitivity: Normal X-Priority: 3 X-Provags-ID: V03:K1:jOE2SjraXibIssrQ+PqbY26QTuLkksQMopqErZYROxNxI4hKgUMN5pBa97b3psJGkIENA HzYZLlLXd/ht+VhFrzscpVe/n2iO4Gc+0L1hUOQ5LD34ILxGVtjAXN3Blpb6xXtQLRfvlMs/hNXW SUXRhWGJJpRODBqeVuEDBRm7TKpKDtIDqFrNGB5NtETaSkra44r11/I1OUl1q36kRGK03UCTMBCi UfffPT96och3npM+0XH7TmUwuEKdseHgXY5kUDw0LPyImtiKMc/NNmahEWJkVoHvbnPo6Op3wjCC aQ= UI-OutboundReport: notjunk:1;M01:P0:tTW+Vi2+gs4=;s5K6CWfhoHnZRdXjHxjGGXRqg+2 CElffbu3lHrP9hkP2tdFNKxmcrupjIGERkms/un/2NBGz6jWutw/TJU6fjhThyMppuQoVV+KR TG1yQbjRzB60I/qYGGhxFK2D0UUPg1hnuwgleZKrvHvWG3XfdpoYQ2LohTfCnkwGiOxGDpFEE ngjnHYj1l4ArKfimeVKJE7ZUNI4jK4Uy2MdGiNcJ/mX91jItpmQypUvU+2EvU7OBwQ7n0WETw aH2mt/+tltn087mKwqmNxNJvLEdA76n0EalI2YchDS+lAMPGMCiKCOB8JL/2ALoOd3sG9xOux vqQE1n0ij4G/uzjQ4S1i/V223JlksDhNJtmnlq8aGoETVa7nVBgA9w28L1M+1dum7pzc36xcG cMZcLpjv+XTdbQKDD47OVw90Y8Bpzt1rudD4jodUxT2zeB4ZjZfSGONaEj2TF2Spee4FCNXvo orvf9c5Ux0SpA9AiYn07R+vMPc4Morlp47xKBTanpxJyqMImkBTlLoOAlBLAC0VdkhLrWUgfO XBWcIkqlOnSjZ6w2+tnUm4xXxx9hHEBukCHcgqA2jEk8/x5I2vjn2ReNCw+zHZABgwmZ2/F1n K84KNui6YtrsySMEB9J6AYBVPeiPupNkE0/rXi81blUwy78KDJvzzGPDG51R8tUYrGUYp7aPS JvYqDcVo6nBURZYiPOWM43JftQYlNwO5FGAY83bppTaHr5iB5DOoxJsRenYfmw8dAvg/vbJbe Wokug3O4Z/9uFQkAf47+L/U1B5uKixyJ9tauDpMpYk8t+hRTahztzi3mocJAqe6bh+YBLNJaT icvZfDYv3HQag55LYFp6gkXA== X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --kenitram-1ae72634-8b9c-46cb-a817-a00bbb473a7f Content-Type: text/plain; charset=UTF-8 Dear all, we did not check array element triplets for validity strictly enough (i.e. defensively in the case of invalid code), so we could encounter non-integer constant expressions that were passed to mpz_get_si. The attached obvious patch tries to fix all such potential issues in get_expr_storage_size. Regtested on x86_64-pc-linux-gnu. OK for mainline? Thanks, Harald --kenitram-1ae72634-8b9c-46cb-a817-a00bbb473a7f Content-Type: text/x-patch Content-Disposition: attachment; filename=pr108501.diff Content-Transfer-Encoding: quoted-printable =46rom 771d793df1622a476e1cf8d05f0a6aee350fa56b Mon Sep 17 00:00:00 2001 From: Harald Anlauf Date: Mon, 23 Jan 2023 21:19:03 +0100 Subject: [PATCH] Fortran: avoid ICE on invalid array subscript triplets [PR108501] gcc/fortran/ChangeLog: PR fortran/108501 * interface.cc (get_expr_storage_size): Check array subscript triplets that we actually have integer values before trying to extract with mpz_get_si. gcc/testsuite/ChangeLog: PR fortran/108501 * gfortran.dg/pr108501.f90: New test. =2D-- gcc/fortran/interface.cc | 23 ++++++++++++++++------- gcc/testsuite/gfortran.dg/pr108501.f90 | 14 ++++++++++++++ 2 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 gcc/testsuite/gfortran.dg/pr108501.f90 diff --git a/gcc/fortran/interface.cc b/gcc/fortran/interface.cc index 9593fa83c45..dafe41753b7 100644 =2D-- a/gcc/fortran/interface.cc +++ b/gcc/fortran/interface.cc @@ -2910,7 +2910,8 @@ get_expr_storage_size (gfc_expr *e) if (ref->u.ar.stride[i]) { - if (ref->u.ar.stride[i]->expr_type =3D=3D EXPR_CONSTANT) + if (ref->u.ar.stride[i]->expr_type =3D=3D EXPR_CONSTANT + && ref->u.ar.stride[i]->ts.type =3D=3D BT_INTEGER) stride =3D mpz_get_si (ref->u.ar.stride[i]->value.integer); else return 0; @@ -2918,26 +2919,30 @@ get_expr_storage_size (gfc_expr *e) if (ref->u.ar.start[i]) { - if (ref->u.ar.start[i]->expr_type =3D=3D EXPR_CONSTANT) + if (ref->u.ar.start[i]->expr_type =3D=3D EXPR_CONSTANT + && ref->u.ar.start[i]->ts.type =3D=3D BT_INTEGER) start =3D mpz_get_si (ref->u.ar.start[i]->value.integer); else return 0; } else if (ref->u.ar.as->lower[i] - && ref->u.ar.as->lower[i]->expr_type =3D=3D EXPR_CONSTANT) + && ref->u.ar.as->lower[i]->expr_type =3D=3D EXPR_CONSTANT + && ref->u.ar.as->lower[i]->ts.type =3D=3D BT_INTEGER) start =3D mpz_get_si (ref->u.ar.as->lower[i]->value.integer); else return 0; if (ref->u.ar.end[i]) { - if (ref->u.ar.end[i]->expr_type =3D=3D EXPR_CONSTANT) + if (ref->u.ar.end[i]->expr_type =3D=3D EXPR_CONSTANT + && ref->u.ar.end[i]->ts.type =3D=3D BT_INTEGER) end =3D mpz_get_si (ref->u.ar.end[i]->value.integer); else return 0; } else if (ref->u.ar.as->upper[i] - && ref->u.ar.as->upper[i]->expr_type =3D=3D EXPR_CONSTANT) + && ref->u.ar.as->upper[i]->expr_type =3D=3D EXPR_CONSTANT + && ref->u.ar.as->upper[i]->ts.type =3D=3D BT_INTEGER) end =3D mpz_get_si (ref->u.ar.as->upper[i]->value.integer); else return 0; @@ -2978,7 +2983,9 @@ get_expr_storage_size (gfc_expr *e) || ref->u.ar.as->upper[i] =3D=3D NULL || ref->u.ar.as->lower[i] =3D=3D NULL || ref->u.ar.as->upper[i]->expr_type !=3D EXPR_CONSTANT - || ref->u.ar.as->lower[i]->expr_type !=3D EXPR_CONSTANT) + || ref->u.ar.as->lower[i]->expr_type !=3D EXPR_CONSTANT + || ref->u.ar.as->upper[i]->ts.type !=3D BT_INTEGER + || ref->u.ar.as->lower[i]->ts.type !=3D BT_INTEGER) return 0; elements @@ -3000,7 +3007,9 @@ get_expr_storage_size (gfc_expr *e) { if (!as->upper[i] || !as->lower[i] || as->upper[i]->expr_type !=3D EXPR_CONSTANT - || as->lower[i]->expr_type !=3D EXPR_CONSTANT) + || as->lower[i]->expr_type !=3D EXPR_CONSTANT + || as->upper[i]->ts.type !=3D BT_INTEGER + || as->lower[i]->ts.type !=3D BT_INTEGER) return 0; elements =3D elements diff --git a/gcc/testsuite/gfortran.dg/pr108501.f90 b/gcc/testsuite/gfortr= an.dg/pr108501.f90 new file mode 100644 index 00000000000..09ab8c9f34f =2D-- /dev/null +++ b/gcc/testsuite/gfortran.dg/pr108501.f90 @@ -0,0 +1,14 @@ +! { dg-do compile } +! PR fortran/108501 - ICE in get_expr_storage_size +! Contributed by G.Steinmetz + +program p + real, parameter :: n =3D 2 + real :: a(1,(n),2) ! { dg-error "must be of INTEGER type" } + call s(a(:,:,1)) +end +subroutine s(x) + real :: x(2) +end + +! { dg-prune-output "must have constant shape" } =2D- 2.35.3 --kenitram-1ae72634-8b9c-46cb-a817-a00bbb473a7f--