[Bug fortran/32702] New: crash when printing big character variable

[Bug fortran/32702] New: crash when printing big character variable

[vivekrao4 at yahoo dot com]

For the code

program main
character (len=10000) :: word
word = "dog"
print*,"word =",word
end program main

compiled with

U:\vrao\fortran>gfortran -v xbug.f90
Driving: gfortran -v xbug.f90 -lgfortranbegin -lgfortran
Using built-in specs.
Target: i386-pc-mingw32
Configured with: ../trunk/configure --prefix=/mingw
--enable-languages=c,fortran --with-gmp=/home/coudert/local --disable-nls
--with-ld=/mingw/bin/ld --with-as=/mingw/bin/as --disable-werror
--enable-bootstrap --enable-threads --build=i386-pc-mingw32 --disable-shared
--enable-libgomp
Thread model: win32
gcc version 4.3.0 20070706 (experimental)
 c:/programs/gfortran/bin/../libexec/gcc/i386-pc-mingw32/4.3.0/f951.exe
xbug.f90 -quiet -dumpbase xbug.f90 -mtune=i386 -auxbase xbug -version
-fintrinsic-modules-path
c:/programs/gfortran/bin/../lib/gcc/i386-pc-mingw32/4.3.0/finclude -o
C:\DOCUME~1\vrao\LOCALS~1\Temp/ccfHwMra.s
GNU F95 version 4.3.0 20070706 (experimental) (i386-pc-mingw32)
        compiled by GNU C version 4.3.0 20070706 (experimental), GMP version
4.2.1, MPFR version 2.2.1.
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
 as -o C:\DOCUME~1\vrao\LOCALS~1\Temp/cc1pIAXq.o
C:\DOCUME~1\vrao\LOCALS~1\Temp/ccfHwMra.s
 c:/programs/gfortran/bin/../libexec/gcc/i386-pc-mingw32/4.3.0/collect2.exe
-Bdynamic c:/programs/g95/lib/crt2.o
c:/programs/gfortran/bin/../lib/gcc/i386-pc-mingw32/4.3.0/crtbegin.o
-Lc:/programs/gfortran/bin/../lib/gcc/i386-pc-mingw32/4.3.0
-Lc:/programs/gfortran/bin/../lib/gcc -Lc:/programs/g95/lib
-Lc:/programs/gfortran/bin/../lib/gcc/i386-pc-mingw32/4.3.0/../../..
C:\DOCUME~1\vrao\LOCALS~1\Temp/cc1pIAXq.o -lgfortranbegin -lgfortran -lmingw32
-lgcc -lmoldname -lmingwex -lmsvcrt -luser32 -lkernel32 -ladvapi32 -lshell32
-lmingw32 -lgcc -lmoldname -lmingwex -lmsvcrt
c:/programs/gfortran/bin/../lib/gcc/i386-pc-mingw32/4.3.0/crtend.o

the program on Windows XP prints "word =dog" but then crashes with a pop-up
message

"a.exe has encountered a problem and needs to close".

The program runs fine with the LEN is reduced to 8000.


-- 
           Summary: crash when printing big character variable
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: vivekrao4 at yahoo dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] crash when printing big character variable

[dfranke at gcc dot gnu dot org]

------- Comment #1 from dfranke at gcc dot gnu dot org  2007-07-09 15:08 -------
Confirmed. Presumely a buffer overflow in the library.

If len==8192, valgrind does not report any errors. 
If len > 8192:

===30988== Invalid write of size 1
==30988==    at 0x4022D8E: memcpy (mc_replace_strmem.c:406)
==30988==    by 0x40A26C3: write_character (write.c:1412)
==30988==    by 0x40A462B: _gfortrani_list_formatted_write (write.c:1533)
==30988==    by 0x409A885: _gfortran_transfer_character (transfer.c:1416)
==30988==    by 0x80486FB: MAIN__ (pr32702.f90:4)
==30988==    by 0x8048748: main (fmain.c:22)
==30988==  Address 0x4229340 is 0 bytes after a block of size 8,296 alloc'd
==30988==    at 0x40213D0: malloc (vg_replace_malloc.c:149)
==30988==    by 0x40342CC: _gfortrani_get_mem (memory.c:53)
==30988==    by 0x40A0BE4: fd_to_stream (unix.c:1048)
==30988==    by 0x409F509: _gfortrani_init_units (unit.c:525)
==30988==    by 0x4033F73: init (main.c:152)
==30988==    by 0x40307DC: (within
/h/franke/packages/i686-pc-linux-gnu/gcc/lib/gcc/i686-pc-linux-gnu/4.3.0/libgfortran.so.3.0.0)
==30988==    by 0x400D762: call_init (in /lib/ld-2.4.so)
==30988==    by 0x400D872: _dl_init (in /lib/ld-2.4.so)
==30988==    by 0x400087E: (within /lib/ld-2.4.so)

Moving to libfortran, adding Jerry to CC.


-- 

dfranke at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dfranke at gcc dot gnu dot
                   |                            |org, jvdelisle at gcc dot
                   |                            |gnu dot org
          Component|fortran                     |libfortran


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] crash when printing big character variable

[dfranke at gcc dot gnu dot org]

-- 

dfranke at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
   Last reconfirmed|0000-00-00 00:00:00         |2007-07-09 15:10:11
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] [4.3 Regression] crash when printing big character variable

[burnus at gcc dot gnu dot org]

-- 

burnus at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code
      Known to fail|                            |4.3.0
      Known to work|                            |4.2.1
            Summary|crash when printing big     |[4.3 Regression] crash when
                   |character variable          |printing big character
                   |                            |variable
   Target Milestone|---                         |4.3.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] [4.3 Regression] crash when printing big character variable

[jvdelisle at gcc dot gnu dot org]

------- Comment #2 from jvdelisle at gcc dot gnu dot org  2007-07-10 00:39 -------
Got it.


-- 

jvdelisle at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |jvdelisle at gcc dot gnu dot
                   |dot org                     |org
             Status|NEW                         |ASSIGNED
   Last reconfirmed|2007-07-09 15:10:11         |2007-07-10 00:39:56
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] [4.3 Regression] crash when printing big character variable

[jvdelisle at gcc dot gnu dot org]

------- Comment #3 from jvdelisle at gcc dot gnu dot org  2007-07-10 05:37 -------
Subject: Bug 32702

Author: jvdelisle
Date: Tue Jul 10 05:37:29 2007
New Revision: 126510

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=126510
Log:
2007-07-09  Jerry DeLisle  <jvdelisle@gcc.gnu.org>

        PR libgfortran/32702
        * io/unix.c (unix_stream): Restore buffer pointer and small_buffer.
        (fd_alloc): If the number of bytes needed is greater than the default
        BUFFER_SIZE, allocate a new buffer large enough.  Free the old buffer
if
        necessary. (fd_sfree): Restore use of buffer pointer.
        (fd_close): Likewise. (fd_open): Likewise.
        (init_error_stream): Likewise.

Modified:
    trunk/libgfortran/ChangeLog
    trunk/libgfortran/io/unix.c


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702

[Bug libfortran/32702] [4.3 Regression] crash when printing big character variable

[jvdelisle at gcc dot gnu dot org]

------- Comment #4 from jvdelisle at gcc dot gnu dot org  2007-07-10 05:59 -------
Closing


-- 

jvdelisle at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32702