From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-282185-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 11524 invoked by alias); 25 Apr 2009 18:06:45 -0000
Received: (qmail 11432 invoked by uid 48); 25 Apr 2009 18:06:31 -0000
Date: Sat, 25 Apr 2009 18:06:00 -0000
Message-ID: <20090425180631.11431.qmail@sourceware.org>
X-Bugzilla-Reason: CC
References: <bug-39879-17588@http.gcc.gnu.org/bugzilla/>
Subject: [Bug fortran/39879] [4.3/4.4/4.5 Regression] double free or corruption abort with gfortran
In-Reply-To: <bug-39879-17588@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "pault at gcc dot gnu dot org" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2009-04/txt/msg02343.txt.bz2



------- Comment #7 from pault at gcc dot gnu dot org  2009-04-25 18:06 -------
(In reply to comment #6)

With the pointer initialization, the assignment   u%model = u%design
is translated to:

  {
    struct tao_lattice_struct D.1667;

    D.1667 = *u->design;
    tao_lat_equal_tao_lat (u->model, &D.1667);
    if (D.1667.bunch_params.data != 0B)
      {
        __builtin_free (D.1667.bunch_params.data);
      }
    D.1667.bunch_params.data = 0B;
    if (D.1667.bunch_params2.data != 0B)
      {
        __builtin_free (D.1667.bunch_params2.data);
      }
    D.1667.bunch_params2.data = 0B;
  }

Thus the data pointers are doubly freed because they are not nullified in
u->design

Once the initialization is gone, the assignment becomes

  tao_lat_equal_tao_lat (u->model, u->design);

and the cause of the problem has vanaished.

Paul


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39879