public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug fortran/37469]  New: Invalid GMP usage
@ 2008-09-10 21:18 hjl dot tools at gmail dot com
  2008-09-10 21:37 ` [Bug fortran/37469] " burnus at gcc dot gnu dot org
                   ` (11 more replies)
  0 siblings, 12 replies; 13+ messages in thread
From: hjl dot tools at gmail dot com @ 2008-09-10 21:18 UTC (permalink / raw)
  To: gcc-bugs

find_array_element in expr.c has

      if ((ar->as->upper[i]
           && ar->as->upper[i]->expr_type == EXPR_CONSTANT
           && mpz_cmp (e->value.integer,
                       ar->as->upper[i]->value.integer) > 0)
          || (ar->as->lower[i]->expr_type == EXPR_CONSTANT
              && mpz_cmp (e->value.integer,
                          ar->as->lower[i]->value.integer) < 0))
        {
          gfc_error ("Index in dimension %d is out of bounds "
                     "at %L", i + 1, &ar->c_where[i]);
          cons = NULL;
          t = FAILURE;
          goto depart;
        }

      mpz_sub (delta, e->value.integer, ar->as->lower[i]->value.integer);
      mpz_mul (delta, delta, span);
      mpz_add (offset, offset, delta);

      mpz_set_ui (tmp, 1);
      mpz_add (tmp, tmp, ar->as->upper[i]->value.integer);
      mpz_sub (tmp, tmp, ar->as->lower[i]->value.integer);
      mpz_mul (span, span, tmp);

But it never checks if ar->as->upper[i]->value.integer and
ar->as->lower[i]->value.integer are valid.

I added
--- ./expr.c.foo        2008-09-10 14:09:45.000000000 -0700
+++ ./expr.c    2008-09-10 14:10:13.000000000 -0700
@@ -1050,6 +1050,9 @@ find_array_element (gfc_constructor *con
          goto depart;
        }

+      gcc_assert (ar->as->lower[i]->expr_type == EXPR_CONSTANT
+                 && ar->as->upper[i]->expr_type == EXPR_CONSTANT);
+
       mpz_sub (delta, e->value.integer, ar->as->lower[i]->value.integer);
       mpz_mul (delta, delta, span);
       mpz_add (offset, offset, delta);

and got
Starting program: /export/build/gnu/gcc-work/build-x86_64-linux/gcc/f951
/export/gnu/src/gcc-work/gcc/gcc/testsuite/gfortran.dg/parameter_array_init_3.f90
-quiet -dumpbase parameter_array_init_3.f90 -mtune=generic -auxbase
parameter_array_init_3 -O -pedantic-errors -version -o parameter_array_init_3.s
-fintrinsic-modules-path finclude
GNU Fortran (GCC) version 4.4.0 20080910 (experimental) [trunk revision 140249]
(x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.3.0 20080428 (Red Hat 4.3.0-8), GMP version
4.2.2, MPFR version 2.3.1.
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096

Breakpoint 1, fancy_abort (
    file=0xf28e68 "/export/gnu/src/gcc-work/gcc/gcc/fortran/expr.c", 
    line=1054, function=0xf28e20 "find_array_element")
    at /export/gnu/src/gcc-work/gcc/gcc/diagnostic.c:712
712       internal_error ("in %s, at %s:%d", function, trim_filename (file),
line);
(gdb) f 1
#1  0x000000000042a08f in find_array_element (cons=0x158e0a0, ar=0x1590218, 
    rval=0x7fffffffd6f0)
    at /export/gnu/src/gcc-work/gcc/gcc/fortran/expr.c:1053
1053          gcc_assert (ar->as->lower[i]->expr_type == EXPR_CONSTANT
(gdb) p *ar->as->upper[i]
$3 = {expr_type = EXPR_FUNCTION, ts = {type = BT_UNKNOWN, kind = 0, 
    derived = 0x0, cl = 0x0, interface = 0x0, is_c_interop = 0, is_iso_c = 0, 
    f90_type = BT_UNKNOWN}, rank = 0, shape = 0x0, symtree = 0x1533ef0, 
  ref = 0x0, where = {nextc = 0x15868a8, lb = 0x1586800}, 
  inline_noncopying_intrinsic = 0, is_boz = 0, con_by_offset = 0x0, 
  representation = {length = 0, string = 0x0}, value = {logical = 22234240, 
    iokind = 22234240, integer = {{_mp_alloc = 22234240, _mp_size = 0, 
        _mp_d = 0x0}}, real = {{_mpfr_prec = 22234240, _mpfr_sign = 0, 
        _mpfr_exp = 0, _mpfr_d = 0x0}}, complex = {r = {{
          _mpfr_prec = 22234240, _mpfr_sign = 0, _mpfr_exp = 0, 
          _mpfr_d = 0x0}}, i = {{_mpfr_prec = 0, _mpfr_sign = 0, 
          _mpfr_exp = 0, _mpfr_d = 0x0}}}, op = {op = 22234240, uop = 0x0, 
      op1 = 0x0, op2 = 0x0}, function = {actual = 0x1534480, name = 0x0, 
      isym = 0x0, esym = 0x0}, compcall = {actual = 0x1534480, tbp = 0x0, 
      name = 0x0}, character = {length = 22234240, string = 0x0}, 
    constructor = 0x1534480}}
(gdb)


-- 
           Summary: Invalid GMP usage
           Product: gcc
           Version: 4.4.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: hjl dot tools at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37469


^ permalink raw reply	[flat|nested] 13+ messages in thread
end of thread, other threads:[~2009-01-01 17:44 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-09-10 21:18 [Bug fortran/37469] New: Invalid GMP usage hjl dot tools at gmail dot com
2008-09-10 21:37 ` [Bug fortran/37469] " burnus at gcc dot gnu dot org
2008-09-10 22:49 ` kargl at gcc dot gnu dot org
2008-11-30  3:53 ` kargl at gcc dot gnu dot org
2008-11-30  9:05 ` [Bug fortran/37469] Invalid GMP usage on gfortran.dg/parameter_array_init_3.f90 ebotcazou at gcc dot gnu dot org
2008-11-30  9:38 ` [Bug fortran/37469] invalid " ebotcazou at gcc dot gnu dot org
2008-12-09 19:24 ` mikael at gcc dot gnu dot org
2008-12-09 19:43 ` mikael at gcc dot gnu dot org
2008-12-10  0:17 ` hjl dot tools at gmail dot com
2008-12-10 13:47 ` jvdelisle at gcc dot gnu dot org
2008-12-10 14:04 ` mikael at gcc dot gnu dot org
2008-12-21 15:36 ` mikael at gcc dot gnu dot org
2009-01-01 17:44 ` danglin at gcc dot gnu dot org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).