public inbox for gcc-bugs@sourceware.org
* [Bug libfortran/34291] New: Uninitialized variable is used in io/list_read.c which causes segfault
From: ek dot kato at gmail dot com @ 2007-11-29 12:09 UTC (permalink / raw)
To: gcc-bugs
In next_char() of libgfortran/io/list_read.c, dtp->u.p.line_buffer_enabled is
not initialized properly, and this may cause a segfault while accessing
dtp->u.p.line_buffer[dtp->u.p.item_count] even when dtp->u.p.line_buffer is NULL. I
think it can be solved by initializing it in namelist_read() as follows.
Tested with gcc version 4.3.0 20071129 (experimental) (GCC) on Mac OS X 10.4.11
Intel.
Index: libgfortran/io/list_read.c
===================================================================
--- libgfortran/io/list_read.c (revision 130508)
+++ libgfortran/io/list_read.c (working copy)
@@ -2646,6 +2646,7 @@
dtp->u.p.namelist_mode = 1;
dtp->u.p.input_complete = 0;
dtp->u.p.expanded_read = 0;
+ dtp->u.p.line_buffer_enabled = 0;
dtp->u.p.eof_jump = &eof_jump;
if (setjmp (eof_jump))
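Review bot: this reset is in the wrong place for the failure described. Zeroing line_buffer_enabled at the top of namelist_read() only guarantees the flag for the instant the namelist read starts; a line_buffer that is released later in the same read while the flag stays set is untouched, and that is exactly the state in which next_char() indexes a NULL line_buffer. Clear the flag wherever line_buffer is freed (the free_line() path), and have next_char() test `dtp->u.p.line_buffer != NULL` as well as the flag instead of trusting the flag alone; a one-line comment here saying why namelist_mode, input_complete and expanded_read are reset but this field was not would also help the next reader.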
--
Summary: Uninitialized variable is used in io/list_read.c which
causes segfault
Product: gcc
Version: 4.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libfortran
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: ek dot kato at gmail dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34291
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: ek dot kato at gmail dot com @ 2007-11-29 13:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from ek dot kato at gmail dot com 2007-11-29 13:18 -------
It turns out that my explanation and assumption about uninitialization were
wrong, but the real cause of the segmentation fault is that some functions call
free_line(dtp) without resetting line_buffer_enabled. Here is the revised
patch to avoid the crash.
Index: list_read.c
===================================================================
--- list_read.c (revision 130508)
+++ list_read.c (working copy)
@@ -125,6 +125,7 @@
free_mem (dtp->u.p.line_buffer);
dtp->u.p.line_buffer = NULL;
+ dtp->u.p.line_buffer_enabled = 0;
}
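Review bot: clearing the flag beside the free keeps line_buffer_enabled and line_buffer in step, but the hunk does not identify which caller frees the line while a read is still consuming it, so that caller can still leave item_count pointing past whatever buffer is allocated next. Reset item_count here too, add a NULL check in next_char() before `dtp->u.p.line_buffer[dtp->u.p.item_count]` is evaluated so a stale flag fails closed rather than faulting, and attach a testsuite case so the path that left the flag set is actually exercised rather than only silenced.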
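The invariant the revised patch restores, shown as an added example in C that is not libgfortran code: a reduced model of the dt_parm fields named in this thread (line_buffer, line_buffer_enabled, item_count), with a release routine that leaves the flag set beside the fixed one, and a next_char() that checks the pointer as well as the flag so a stale flag cannot turn into a NULL index. The struct name and layout, the backing stream member, the helper names and the input strings are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libgfortran code: a reduced model of the state involved
 * in this bug.  Field names mirror those in the thread; the struct itself,
 * the stream member and the helpers are assumptions for the example. */
typedef struct {
    const char *stream;         /* constructed backing input */
    size_t pos;                 /* read position in stream */
    char *line_buffer;          /* lookahead buffer, NULL when released */
    int line_buffer_enabled;    /* next_char() prefers line_buffer when set */
    size_t item_count;          /* index of the next byte in line_buffer */
} dt_parm;

static void init_dt(dt_parm *dtp, const char *input)
{
    memset(dtp, 0, sizeof *dtp);
    dtp->stream = input;
}

/* Stash a lookahead line and switch next_char() over to it. */
static void enable_line_buffer(dt_parm *dtp, const char *lookahead)
{
    size_t n = strlen(lookahead);
    dtp->line_buffer = malloc(n + 1);
    if (dtp->line_buffer == NULL)
        abort();
    memcpy(dtp->line_buffer, lookahead, n + 1);
    dtp->line_buffer_enabled = 1;
    dtp->item_count = 0;
}

/* The shape the bug had: buffer released, flag left set.  Any later
 * next_char() that trusts the flag alone indexes a NULL pointer. */
static void free_line_unsafe(dt_parm *dtp)
{
    free(dtp->line_buffer);
    dtp->line_buffer = NULL;
}

/* Comment #1's fix: flag and buffer change together, so "enabled implies
 * line_buffer != NULL" holds at every call boundary. */
static void free_line(dt_parm *dtp)
{
    free(dtp->line_buffer);
    dtp->line_buffer = NULL;
    dtp->line_buffer_enabled = 0;
    dtp->item_count = 0;
}

/* 1 if the invariant holds; 0 is the state the original next_char() faulted in. */
static int invariant_ok(const dt_parm *dtp)
{
    return !dtp->line_buffer_enabled || dtp->line_buffer != NULL;
}

/* next_char() that does not trust the flag alone: it also requires a
 * non-NULL buffer, and drops buffer and flag together once the buffer is
 * drained.  Returns the next byte or EOF. */
static int next_char(dt_parm *dtp)
{
    if (dtp->line_buffer_enabled && dtp->line_buffer != NULL) {
        unsigned char c = (unsigned char) dtp->line_buffer[dtp->item_count];
        if (c != '\0') {
            dtp->item_count++;
            return c;
        }
        free_line(dtp);
    }
    if (dtp->stream[dtp->pos] == '\0')
        return EOF;
    return (unsigned char) dtp->stream[dtp->pos++];
}

/* Pull everything through next_char() into out (capacity cap); returns the
 * number of bytes read. */
static size_t read_all(dt_parm *dtp, char *out, size_t cap)
{
    size_t n = 0;
    int c;
    while (n + 1 < cap && (c = next_char(dtp)) != EOF)
        out[n++] = (char) c;
    out[n] = '\0';
    return n;
}

/* Buffer a lookahead line, consume one byte, then release the line the way
 * the original code did (use_fixed_free == 0) or the fixed way (== 1).
 * Returns 1 if the invariant still holds afterwards. */
static int release_midread(int use_fixed_free)
{
    dt_parm dtp;
    int ok;
    init_dt(&dtp, "&END\n");                  /* constructed rest of input */
    enable_line_buffer(&dtp, "var(1)='hello'");
    (void) next_char(&dtp);
    if (use_fixed_free)
        free_line(&dtp);
    else
        free_line_unsafe(&dtp);
    ok = invariant_ok(&dtp);
    free_line(&dtp);                          /* clean up either way */
    return ok;
}

int main(void)
{
    dt_parm dtp;
    char out[64];
    init_dt(&dtp, "/\n");
    enable_line_buffer(&dtp, "var(1)='hello'\n");
    read_all(&dtp, out, sizeof out);
    printf("read: %s", out);
    printf("unsafe free keeps invariant: %d\n", release_midread(0));
    printf("fixed free keeps invariant:  %d\n", release_midread(1));
    return 0;
}
```

The point of the defensive test in next_char() is that the flag is a cache of "line_buffer is usable", and a cache can go stale wherever the buffer is released without it; checking the pointer as well turns a stale flag into a fall-through to the stream instead of a fault.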
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: aldot at gcc dot gnu dot org @ 2007-11-29 13:27 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from aldot at gcc dot gnu dot org 2007-11-29 13:27 -------
Can you please provide a testcase for the testsuite?
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: burnus at gcc dot gnu dot org @ 2007-11-29 15:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from burnus at gcc dot gnu dot org 2007-11-29 15:01 -------
Jerry, libgfortran IO is your domain...
--
burnus at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jvdelisle at gcc dot gnu dot
| |org
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: ek dot kato at gmail dot com @ 2007-11-30 1:11 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from ek dot kato at gmail dot com 2007-11-30 01:11 -------
Sorry, I can't provide a simple test case, but I have now realized that the
problem seems to be related to READ() of a namelist file that ends with "&END"
instead of "/".
I use a library which creates the namelist file itself, and it puts "&END". If
I replace the "&END" with "/", libgfortran doesn't seem to crash.
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: ek dot kato at gmail dot com @ 2007-11-30 2:39 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from ek dot kato at gmail dot com 2007-11-30 02:39 -------
Maybe I have found a reliable testcase for the problem. The following program will
crash while accessing dtp->u.p.line_buffer[dtp->u.p.item_count].
  ! Namelist group INX written to a scratch unit and read back.  The group
  ! is closed with "&END"; with "/" in its place the read does not crash.
  IMPLICIT NONE
  CHARACTER(len=10), DIMENSION(2) :: var
  NAMELIST /inx/ var
  OPEN(unit=11, status='scratch')
  write (11, *) "&INX"
  write (11, *) "var(1)='hello'"
  write (11, *) "&END"
  rewind (11)
  READ(11,NML=inx)
  CLOSE(11)
  END
Here is the backtrace.
(gdb) run
Starting program: /Users/kato/src/gcc-4.2.999-071129/gcc/testsuite/gfortran.dg/a.out
Reading symbols for shared libraries .++ done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000005
0x0026f1d5 in next_char (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:152
152 c = dtp->u.p.line_buffer[dtp->u.p.item_count];
(gdb) where
#0 0x0026f1d5 in next_char (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:152
#1 0x0026f4e0 in eat_spaces (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:269
#2 0x0026f519 in eat_separator (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:294
#3 0x00272e48 in nml_get_obj_data (dtp=0xbfffe6ac, pprev_nl=0xbfffe5bc, nml_err_msg=0xbfffe510 "\002\020") at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:2388
#4 0x002739b3 in *__gfortrani_namelist_read (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/list_read.c:2716
#5 0x00279321 in finalize_transfer (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/transfer.c:2616
#6 0x00279511 in *__gfortran_st_read_done (dtp=0xbfffe6ac) at ../../../gcc-4.2.999-071129/libgfortran/io/transfer.c:2777
#7 0x00002c76 in MAIN__ ()
#8 0x00002ce8 in main (argc=1, argv=0xbfffe87c) at ../../../gcc-4.2.999-071129/libgfortran/fmain.c:21
Here is a workaround.
Index: list_read.c
===================================================================
--- list_read.c (revision 130508)
+++ list_read.c (working copy)
@@ -365,6 +365,9 @@
break;
case '/':
+ /* should check 'end' after the character? */
+ case '$':
+ case '&':
dtp->u.p.input_complete = 1;
if (!dtp->u.p.namelist_mode)
return;
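Review bot: the TODO in the hunk names the real gap. `case '$':` and `case '&':` set input_complete on any '&' or '$', without checking that the characters after it spell END, so a stray '&' (including the one that begins a group name such as "&INX") ends the read exactly as "/" does, and a value that legitimately starts with '$' is swallowed. Read ahead for "END" (case-insensitive, followed by a separator or end of record) before treating the character as a terminator, and push the bytes back when it is not; note that the fix that later landed for this PR (r130548) handles these characters in read_character() for unquoted strings rather than at this separator switch, so a change here should be checked against that path to avoid two places deciding what ends the group.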
* [Bug libfortran/34291] Uninitialized variable is used in io/list_read.c which causes segfault
From: jvdelisle at gcc dot gnu dot org @ 2007-11-30 4:04 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from jvdelisle at gcc dot gnu dot org 2007-11-30 04:04 -------
I will get on this soon.
--
jvdelisle at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |jvdelisle at gcc dot gnu dot
|dot org |org
Status|UNCONFIRMED |ASSIGNED
Ever Confirmed|0 |1
Last reconfirmed|0000-00-00 00:00:00 |2007-11-30 04:04:47
date| |
* [Bug libfortran/34291] [4.3 Regression] Segfault in io/list_read.c handling of end conditions
From: jvdelisle at gcc dot gnu dot org @ 2007-11-30 5:16 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from jvdelisle at gcc dot gnu dot org 2007-11-30 05:16 -------
I have retitled this to reflect the problem a bit more correctly. The workaround in Comment
#6 almost works, but it masks another problem. The patch that caused the
regression is r129016. The test case works fine on r129015 of list_read.c.
--
jvdelisle at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Uninitialized variable is |[4.3 Regression] Segfault in
|used in io/list_read.c which|io/list_read.c handling of
|causes segfault |end conditions
* [Bug libfortran/34291] [4.3 Regression] Segfault in io/list_read.c handling of end conditions
From: jvdelisle at gcc dot gnu dot org @ 2007-11-30 23:20 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from jvdelisle at gcc dot gnu dot org 2007-11-30 23:19 -------
Subject: Bug 34291
Author: jvdelisle
Date: Fri Nov 30 23:19:34 2007
New Revision: 130548
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=130548
Log:
2007-11-30 Jerry DeLisle <jvdelisle@gcc.gnu.org>
PR libfortran/34291
* io/list_read.c (read_character): When reading an unquoted string,
return if special characters that could signify the end of the namelist
read are encountered.
Modified:
trunk/libgfortran/ChangeLog
trunk/libgfortran/io/list_read.c
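The terminator handling that the workaround in Comment #5 approximates and that the r130548 log describes for unquoted strings, as an added example in C that is not libgfortran's parser: a scanner for the body of a namelist group that ends only on "/" or on "&END"/"$END", leaves a '&', '$' or '/' inside a quoted value alone, stops an unquoted value at a terminator, and rejects a bare "&NAME" instead of silently ending the read. The function names, the item buffer layout and the sample inputs are assumptions for this example; it goes beyond the thread's single "&END" case in also covering "$END", quoted values and a "/" glued to an unquoted value.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NML_ITEM_MAX 64

/* Added example, not libgfortran code.  Length of the group terminator
 * starting at p, or 0 if there is none.  "/" ends the group; so do "&END"
 * and "$END" (case-insensitive) when followed by end of input or
 * whitespace.  "&INX" or a lone '&' is not a terminator, which is the case
 * a first-character-only check (as in Comment #5's workaround) gets wrong. */
static size_t nml_end_len(const char *p)
{
    if (*p == '/')
        return 1;
    if (*p == '&' || *p == '$') {
        const char *q = p + 1;
        if (toupper((unsigned char) q[0]) == 'E'
            && toupper((unsigned char) q[1]) == 'N'
            && toupper((unsigned char) q[2]) == 'D'
            && (q[3] == '\0' || isspace((unsigned char) q[3])))
            return 4;
    }
    return 0;
}

static int nml_is_sep(char c)
{
    return c == ',' || isspace((unsigned char) c);
}

/* Scan the body of a namelist group (the text after the "&GROUP" line) and
 * copy each "name=value" item into items[].  Returns the item count when a
 * terminator is reached, -1 if the input ends first (including inside a
 * quoted value), -2 if a '&' or '$' that is not "&END"/"$END" starts an
 * item, -3 if items[] is full.  An unquoted value ends at a separator or a
 * terminator; a quoted value may contain '/', '&' or '$'. */
static int nml_scan_group(const char *text, char items[][NML_ITEM_MAX],
                          int max_items)
{
    const char *p = text;
    int n = 0;

    for (;;) {
        size_t len = 0;
        char quote = 0;

        while (*p && nml_is_sep(*p))
            p++;
        if (*p == '\0')
            return -1;
        if (nml_end_len(p) > 0)
            return n;
        if (*p == '&' || *p == '$')
            return -2;
        if (n >= max_items)
            return -3;

        while (*p) {
            if (quote) {
                if (*p == quote)
                    quote = 0;
            } else if (*p == '\'' || *p == '"') {
                quote = *p;
            } else if (nml_is_sep(*p) || nml_end_len(p) > 0) {
                break;
            }
            if (len + 1 < NML_ITEM_MAX)
                items[n][len++] = *p;
            p++;
        }
        items[n][len] = '\0';
        n++;
        if (quote)
            return -1;
    }
}

int main(void)
{
    /* Constructed input: the reproducer's group body as write(11,*) emits
     * it, closed with the "&END" form that crashed. */
    static const char body[] = " var(1)='hello'\n &END\n";
    char items[4][NML_ITEM_MAX];
    int n = nml_scan_group(body, items, 4);
    for (int i = 0; i < n; i++)
        printf("item %d: %s\n", i, items[i]);
    printf("result: %d\n", n);
    return 0;
}
```

The design choice worth copying is that "is this the end of the group?" is answered by one function that looks at the whole token, and both the item scanner and the top of the loop call it; a parser that keys off the first character in one place and the full token in another is the kind of inconsistency the workaround's TODO was pointing at.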
* [Bug libfortran/34291] [4.3 Regression] Segfault in io/list_read.c handling of end conditions
From: jvdelisle at gcc dot gnu dot org @ 2007-11-30 23:22 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from jvdelisle at gcc dot gnu dot org 2007-11-30 23:22 -------
Subject: Bug 34291
Author: jvdelisle
Date: Fri Nov 30 23:21:48 2007
New Revision: 130549
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=130549
Log:
2007-11-30 Jerry DeLisle <jvdelisle@gcc.gnu.org>
PR libfortran/34291
* gfortran.dg/namelist_41.f90: New test.
Added:
trunk/gcc/testsuite/gfortran.dg/namelist_41.f90
Modified:
trunk/gcc/testsuite/ChangeLog
* [Bug libfortran/34291] [4.3 Regression] Segfault in io/list_read.c handling of end conditions
From: jvdelisle at gcc dot gnu dot org @ 2007-11-30 23:22 UTC (permalink / raw)
To: gcc-bugs
------- Comment #10 from jvdelisle at gcc dot gnu dot org 2007-11-30 23:22 -------
Fixed on trunk.
--
jvdelisle at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED