public inbox for gcc-bugs@sourceware.org
* [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
@ 2023-09-05 12:58 fkastl at suse dot cz
  2023-10-30 19:20 ` [Bug fortran/111291] " anlauf at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: fkastl at suse dot cz @ 2023-09-05 12:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

            Bug ID: 111291
           Summary: ASAN error: heap-use-after-free
                    gcc/fortran/parse.cc:359 in decode_statement
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fkastl at suse dot cz
                CC: mjambor at suse dot cz
  Target Milestone: ---
              Host: x86_64-linux
            Target: x86_64-linux

With an ASAN-instrumented GCC

configure --enable-languages=default,jit,lto,go,d --enable-host-shared
--enable-checking=release --disable-multilib --with-build-config=bootstrap-asan

running

make check-fortran RUNTESTFLAGS="dg.exp=unexpected_interface.f90 -v"

produces

==6474==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000002ab8 at pc 0x000000ad968d bp 0x7ffd08212000 sp 0x7ffd08211ff8
READ of size 8 at 0x513000002ab8 thread T0
    #0 0xad968c in decode_statement /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359
    #1 0xae3df4 in next_free /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1592
    #2 0xae3df4 in next_statement /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1824
    #3 0xae832f in parse_interface /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:3991
    #4 0xae832f in parse_spec /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:4350
    #5 0xaef85c in parse_progunit /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:6576
    #6 0xaf12cc in gfc_parse_file() /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:7162
    #7 0xbec011 in gfc_be_parse_file /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/f95-lang.cc:229
    #8 0x1fd637f in compile_file /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:444
    #9 0x7a7df3 in do_compile /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2126
    #10 0x7a7df3 in toplev::main(int, char**) /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2282
    #11 0x7b2e23 in main /home/worker/buildworker/tiber-gcc-asan/build/gcc/main.cc:39
    #12 0x7fd42da281ef in __libc_start_call_main (/lib64/libc.so.6+0x281ef) (BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916dac)
    #13 0x7fd42da282b8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x282b8) (BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916dac)
    #14 0x7b45e4 in _start ../sysdeps/x86_64/start.S:115

0x513000002ab8 is located 120 bytes inside of 336-byte region [0x513000002a40,0x513000002b90)
freed by thread T0 here:
    #0 0x865ec8 in __interceptor_free /home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0xbb6103 in gfc_free_symbol(gfc_symbol*&) /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/symbol.cc:3105

previously allocated by thread T0 here:
    #0 0x866bd7 in __interceptor_calloc /home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x57ef974 in xcalloc /home/worker/buildworker/tiber-gcc-asan/build/libiberty/xmalloc.c:164

SUMMARY: AddressSanitizer: heap-use-after-free /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359 in decode_statement
Shadow bytes around the buggy address:
  0x513000002800: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x513000002880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x513000002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x513000002980: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x513000002a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x513000002a80: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x513000002b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x513000002b80: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x513000002c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x513000002c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x513000002d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6474==ABORTING

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
@ 2023-10-30 19:20 ` anlauf at gcc dot gnu.org
  2023-12-11 20:34 ` anlauf at gcc dot gnu.org
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: anlauf at gcc dot gnu.org @ 2023-10-30 19:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |error-recovery
   Last reconfirmed|                            |2023-10-30
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from anlauf at gcc dot gnu.org ---
I see the same when running f951 under valgrind.

Thus confirmed.


* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
  2023-10-30 19:20 ` [Bug fortran/111291] " anlauf at gcc dot gnu.org
@ 2023-12-11 20:34 ` anlauf at gcc dot gnu.org
  2024-01-10 14:29 ` jamborm at gcc dot gnu.org
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: anlauf at gcc dot gnu.org @ 2023-12-11 20:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #2 from anlauf at gcc dot gnu.org ---
*** Bug 112967 has been marked as a duplicate of this bug. ***


* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
  2023-10-30 19:20 ` [Bug fortran/111291] " anlauf at gcc dot gnu.org
  2023-12-11 20:34 ` anlauf at gcc dot gnu.org
@ 2024-01-10 14:29 ` jamborm at gcc dot gnu.org
  2024-01-10 18:49 ` mikael at gcc dot gnu.org
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: jamborm at gcc dot gnu.org @ 2024-01-10 14:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

Martin Jambor <jamborm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|mjambor at suse dot cz             |mikael at gcc dot gnu.org

--- Comment #3 from Martin Jambor <jamborm at gcc dot gnu.org> ---
This has been introduced with r14-7062-gbcf7ebba9115cc (fortran: Restore
interface to its previous state on error [PR48776]).


* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
                   ` (2 preceding siblings ...)
  2024-01-10 14:29 ` jamborm at gcc dot gnu.org
@ 2024-01-10 18:49 ` mikael at gcc dot gnu.org
  2024-01-20 15:50 ` cvs-commit at gcc dot gnu.org
  2024-01-20 21:24 ` mikael at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: mikael at gcc dot gnu.org @ 2024-01-10 18:49 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

Mikael Morin <mikael at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |mikael at gcc dot gnu.org

--- Comment #4 from Mikael Morin <mikael at gcc dot gnu.org> ---
Mine, I guess.


* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
                   ` (3 preceding siblings ...)
  2024-01-10 18:49 ` mikael at gcc dot gnu.org
@ 2024-01-20 15:50 ` cvs-commit at gcc dot gnu.org
  2024-01-20 21:24 ` mikael at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-01-20 15:50 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Mikael Morin <mikael@gcc.gnu.org>:

https://gcc.gnu.org/g:6930e1f1055c39bea170c25f694f7301989e5d1d

commit r14-8305-g6930e1f1055c39bea170c25f694f7301989e5d1d
Author: Mikael Morin <mikael@gcc.gnu.org>
Date:   Fri Jan 19 18:47:36 2024 +0100

    fortran: Restore current interface info on error [PR111291]

    This change is a followup to the fix for PR48776 (namely
    r14-3572-gd58150452976c4ca65ddc811fac78ef956fa96b0 AKA
    fortran: Restore interface to its previous state on error [PR48776]),
    which cleaned up new changes from interfaces upon error.

    Unfortunately, there is one case in that fix that is mishandled, visible
    on unexpected_interface.f90 with valgrind or an asan-instrumented gfortran.
    When an interface statement is found while parsing an interface body (which
    is invalid), the current interface is replaced by the one from the new
    statement, and as parsing continues, new procedures are added
    to the new interface, which has been rejected and freed, instead of the
    original one.

    This change restores the current interface pointer to its previous value
    on each rejected statement.

            PR fortran/48776
            PR fortran/111291

    gcc/fortran/ChangeLog:

            * parse.cc: Restore current interface to its previous value on
            error.

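The recovery bug the commit message describes, as an added C model that is not gfortran's code: a current-interface pointer is swapped to a freshly allocated interface before the statement is validated; when the statement is rejected the new interface is freed, and unless the pointer is restored every later procedure is recorded into freed memory. A small tracked pool stands in for AddressSanitizer so the bad access is counted rather than dereferenced, which lets the unfixed and fixed recovery paths run side by side. The type `iface`, the globals, `run_body` and the statement strings are constructed for this example and are not gfortran's own identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of an interface block; not gfortran's data structure. */
typedef struct {
    char name[32];
    int nprocs;            /* procedures recorded in this interface body */
} iface;

/* Tiny tracked pool standing in for ASan: a freed slot is remembered so a
   later access to it is detected and counted instead of dereferenced. */
#define MAX_IFACES 8
static iface pool[MAX_IFACES];
static int pool_freed[MAX_IFACES];
static int pool_used;

static iface *iface_alloc(const char *name)
{
    if (pool_used == MAX_IFACES)
        return NULL;
    iface *p = &pool[pool_used];
    pool_freed[pool_used++] = 0;
    memset(p, 0, sizeof *p);
    strncpy(p->name, name, sizeof p->name - 1);
    return p;
}

static void iface_free(iface *p) { if (p) pool_freed[p - pool] = 1; }
static int iface_is_freed(const iface *p) { return p == NULL || pool_freed[p - pool]; }

/* The interface whose body is being parsed (a stand-in for the pointer the
   commit message calls "the current interface"). */
static iface *current_interface;

/* Decode one statement. restore_on_error selects the unfixed (0) or fixed (1)
   recovery path; *uaf counts accesses to an interface that was already freed. */
static int decode_statement(const char *stmt, int restore_on_error, int *uaf)
{
    if (strncmp(stmt, "INTERFACE ", 10) == 0) {
        iface *previous = current_interface;
        iface *fresh = iface_alloc(stmt + 10);
        current_interface = fresh;            /* switched before the statement is validated */
        if (previous != NULL) {               /* INTERFACE inside an interface body: invalid */
            iface_free(fresh);                /* recovery frees the rejected interface ... */
            if (restore_on_error)
                current_interface = previous; /* ... and the fix restores the old pointer */
            return -1;                        /* unfixed: current_interface now dangles */
        }
        return 0;
    }
    if (strncmp(stmt, "PROCEDURE ", 10) == 0 || strcmp(stmt, "END INTERFACE") == 0) {
        if (iface_is_freed(current_interface)) {
            (*uaf)++;                         /* the access ASan flags in the real bug */
            return -1;
        }
        if (stmt[0] == 'P')
            current_interface->nprocs++;
        else
            current_interface = NULL;
        return 0;
    }
    return -1;                                /* statement kinds the model does not know */
}

/* Constructed statement sequence with the same shape as the failing case:
   an INTERFACE statement appearing inside an interface body. */
static const char *const body[] = {
    "INTERFACE outer",
    "PROCEDURE a",
    "INTERFACE nested",   /* invalid here: rejected and freed during recovery */
    "PROCEDURE b",
    "PROCEDURE c",
    "END INTERFACE",
};

typedef struct { int uaf; int nprocs; } result;

/* Parse the constructed body from a clean state. Returns the number of
   use-after-free accesses detected and how many procedures landed in "outer"
   (the first allocation, so pool[0]). */
result run_body(int restore_on_error)
{
    result r = {0, 0};
    pool_used = 0;
    current_interface = NULL;
    for (size_t i = 0; i < sizeof body / sizeof body[0]; i++)
        decode_statement(body[i], restore_on_error, &r.uaf);
    r.nprocs = pool[0].nprocs;
    return r;
}

int main(void)
{
    result bad = run_body(0), good = run_body(1);
    printf("unfixed: %d freed-interface accesses, outer has %d procedures\n", bad.uaf, bad.nprocs);
    printf("fixed:   %d freed-interface accesses, outer has %d procedures\n", good.uaf, good.nprocs);
    return 0;
}
```

In the unfixed run the two PROCEDURE statements and the END INTERFACE after the rejected statement all touch the freed slot, and only one procedure reaches `outer`; with the pointer restored on the rejected statement, all three procedures land in `outer` and nothing touches freed memory. The general lesson is the one the ChangeLog states: any parser state that is switched before a statement is validated must be switched back on every rejection path, not only on success.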

* [Bug fortran/111291] ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement
  2023-09-05 12:58 [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement fkastl at suse dot cz
                   ` (4 preceding siblings ...)
  2024-01-20 15:50 ` cvs-commit at gcc dot gnu.org
@ 2024-01-20 21:24 ` mikael at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: mikael at gcc dot gnu.org @ 2024-01-20 21:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111291

Mikael Morin <mikael at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #6 from Mikael Morin <mikael at gcc dot gnu.org> ---
Fixed for gfortran 14.
Closing.

