From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 9D8B73858C54; Mon, 11 Apr 2022 17:47:37 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9D8B73858C54
From: "kargl at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/105230] [9/10/11/12 Regression] ICE in
 find_array_section, at fortran/expr.cc:1634
Date: Mon, 11 Apr 2022 17:47:37 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: fortran
X-Bugzilla-Version: 12.0
X-Bugzilla-Keywords: ice-on-invalid-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: kargl at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P4
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: priority bug_status cf_reconfirmed_on cc
 everconfirmed
Message-ID: <bug-105230-4-LqvGSpuH1q@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-105230-4@http.gcc.gnu.org/bugzilla/>
References: <bug-105230-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2022 17:47:37 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D105230

kargl at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-04-11
                 CC|                            |kargl at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from kargl at gcc dot gnu.org ---
Started with 22015e77d3e4.

I cannot work out the logic here in expr.cc:1595-1603


          if ((begin && begin->expr_type !=3D EXPR_CONSTANT)
              || (finish && finish->expr_type !=3D EXPR_CONSTANT)
              || (step && step->expr_type !=3D EXPR_CONSTANT)
              || (!begin && !lower)
              || (!finish && !upper))
            {
              t =3D false;
              goto cleanup;
            }

upper is NULL and later in 1634 it is dereferenced.  This patch fixes
the problem, but the above logic likely needs fixing.

diff --git a/gcc/fortran/expr.cc b/gcc/fortran/expr.cc
index 86d61fed302..4fcdf009b4b 100644
--- a/gcc/fortran/expr.cc
+++ b/gcc/fortran/expr.cc
@@ -1630,6 +1630,11 @@ find_array_section (gfc_expr *expr, gfc_ref *ref)
          if (ref->u.ar.dimen_type[d] =3D=3D DIMEN_ELEMENT)
            mpz_set (end [d], begin->value.integer);

+         if (!upper || !lower)
+           {
+             t =3D false;
+             goto cleanup;
+           }
          /* Check the bounds.  */
          if (mpz_cmp (ctr[d], upper->value.integer) > 0
              || mpz_cmp (end[d], upper->value.integer) > 0=