From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 3C4C13858C1F; Tue, 5 Sep 2023 12:58:24 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3C4C13858C1F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1693918704; bh=yJDsRNjx+ISdwfeSsJNOiLW9LNmC1dq6nEir+Va/nXY=; h=From:To:Subject:Date:From; b=y3DQNtVgO/g7lAkJwFBryd8OBQmcfBn7DMAyG8GlX2eHHbWuJpX3QE0hUT2qWlZSO ijtOt6/p7QYe1p/r48bVsHRST4NJQdsr9hKSyq84jF+Ju18AMFFoXpxJ0BYjCjaoBt TGW1zGT8xpC5BOp2AqJ8Zm+UXdABrUiD7TLT+Kv8= From: "fkastl at suse dot cz" To: gcc-bugs@gcc.gnu.org Subject: [Bug fortran/111291] New: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement Date: Tue, 05 Sep 2023 12:58:23 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: fortran X-Bugzilla-Version: 14.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fkastl at suse dot cz X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone cf_gcchost cf_gcctarget Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D111291 Bug ID: 111291 Summary: ASAN error: heap-use-after-free gcc/fortran/parse.cc:359 in decode_statement Product: gcc Version: 14.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: fortran Assignee: unassigned at gcc dot gnu.org Reporter: fkastl at suse dot cz CC: mjambor at suse dot cz Target Milestone: --- Host: x86_64-linux Target: x86_64-linux With an ASAN-instrumented GCC configure --enable-languages=3Ddefault,jit,lto,go,d --enable-host-shared --enable-checking=3Drelease --disable-multilib --with-build-config=3Dbootst= rap-asan running make check-fortran RUNTESTFLAGS=3D"dg.exp=3Dunexpected_interface.f90 -v" produces =3D=3D6474=3D=3DERROR: AddressSanitizer: heap-use-after-free on address 0x5= 13000002ab8 at pc 0x000000ad968d bp 0x7ffd08212000 sp 0x7ffd08211ff8 READ of size 8 at 0x513000002ab8 thread T0 #0 0xad968c in decode_statement /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359 #1 0xae3df4 in next_free /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1592 #2 0xae3df4 in next_statement /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:1824 #3 0xae832f in parse_interface /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:3991 #4 0xae832f in parse_spec /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:4350 #5 0xaef85c in parse_progunit /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:6576 #6 0xaf12cc in gfc_parse_file() /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:7162 #7 0xbec011 in gfc_be_parse_file /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/f95-lang.cc:229 #8 0x1fd637f in compile_file /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:444 #9 0x7a7df3 in do_compile /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2126 #10 0x7a7df3 in toplev::main(int, char**) /home/worker/buildworker/tiber-gcc-asan/build/gcc/toplev.cc:2282 #11 0x7b2e23 in main /home/worker/buildworker/tiber-gcc-asan/build/gcc/main.cc:39 #12 0x7fd42da281ef in __libc_start_call_main (/lib64/libc.so.6+0x281ef) (BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916dac) #13 0x7fd42da282b8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x282b8) (BuildId: 80328d345e2dd1be1b7a59ab1f54d94f4b916d= ac) #14 0x7b45e4 in _start ../sysdeps/x86_64/start.S:115 0x513000002ab8 is located 120 bytes inside of 336-byte region [0x513000002a40,0x513000002b90) freed by thread T0 here: #0 0x865ec8 in __interceptor_free /home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc= _linux.cpp:52 #1 0xbb6103 in gfc_free_symbol(gfc_symbol*&) /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/symbol.cc:3105 previously allocated by thread T0 here: #0 0x866bd7 in __interceptor_calloc /home/worker/buildworker/tiber-gcc-asan/build/libsanitizer/asan/asan_malloc= _linux.cpp:77 #1 0x57ef974 in xcalloc /home/worker/buildworker/tiber-gcc-asan/build/libiberty/xmalloc.c:164 SUMMARY: AddressSanitizer: heap-use-after-free /home/worker/buildworker/tiber-gcc-asan/build/gcc/fortran/parse.cc:359 in decode_statement Shadow bytes around the buggy address: 0x513000002800: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x513000002880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x513000002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x513000002980: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa 0x513000002a00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =3D>0x513000002a80: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd 0x513000002b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x513000002b80: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x513000002c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x513000002c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x513000002d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb =3D=3D6474=3D=3DABORTING=