From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-356833-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 32340 invoked by alias); 18 May 2011 16:37:36 -0000
Received: (qmail 32117 invoked by uid 22791); 18 May 2011 16:37:33 -0000
X-SWARE-Spam-Status: No, hits=-2.7 required=5.0	tests=ALL_TRUSTED,AWL,BAYES_00
X-Spam-Check-By: sourceware.org
Received: from localhost (HELO gcc.gnu.org) (127.0.0.1)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 18 May 2011 16:37:19 +0000
From: "burnus at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/49023] ICE on invalid code with C_ASSOCIATED
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: fortran
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: burnus at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: CC
Message-ID: <bug-49023-4-LcSvuaRxYw@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-49023-4@http.gcc.gnu.org/bugzilla/>
References: <bug-49023-4@http.gcc.gnu.org/bugzilla/>
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Date: Wed, 18 May 2011 16:55:00 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2011-05/txt/msg01500.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49023

Tobias Burnus <burnus at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |burnus at gcc dot gnu.org

--- Comment #1 from Tobias Burnus <burnus at gcc dot gnu.org> 2011-05-18 16:09:54 UTC ---
==31261== Invalid read of size 8
==31261==    at 0x510673: gfc_resolve_expr (resolve.c:2674)
==31261==    by 0x50E37C: resolve_code (resolve.c:9026)

That's at first "if" block gfc_iso_c_func_interface. In this example, one has
expr_type == EXPR_ARRAY. I think the following patch should be OK (for F2003,
in F2008, the pointer returned by functions also counts as variable).

Additionally, one needs to add a check for the second argument; the program
crashes for
  C_ASSOCIATED(x,[y])
at gfc_conv_array_constructor_expr, at fortran/trans-expr.c:4120

--- resolve.c   (revision 173865)
+++ resolve.c   (working copy)
@@ -2666,9 +2666,8 @@ gfc_iso_c_func_interface (gfc_symbol *sy
   gfc_typespec *arg_ts;
   symbol_attribute arg_attr;

-  if (args->expr->expr_type == EXPR_CONSTANT
-      || args->expr->expr_type == EXPR_OP
-      || args->expr->expr_type == EXPR_NULL)
+  if (args->expr->expr_type != EXPR_VARIABLE
+      || args->expr->symtree->n.sym->attr.flavor != FL_VARIABLE)
     {
       gfc_error ("Argument to '%s' at %L is not a variable",
                 sym->name, &(args->expr->where));