* [Bug fortran/50409] SIGSEGV in gfc_simplify_expr
2011-09-15 8:41 [Bug fortran/50409] New: SIGSEGV in gfc_simplify_expr zeccav at gmail dot com
From: dominiq at lps dot ens.fr @ 2011-09-15 11:09 UTC
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50409
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2011-09-15
Ever Confirmed|0 |1
--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> 2011-09-15 11:04:05 UTC ---
On x86_64-apple-darwin10 from gfortran 4.4 to 4.7 I had to interrupt the
compilation after several minutes. Sampling the compilation yielded:
Sampling process 55479 for 3 seconds with 1 millisecond of run time between
samples
Sampling completed, processing symbols...
Analysis of sampling f951 (pid 55479) every 1 millisecond
Process: f951 [55479]
Path:
/opt/gcc/gcc4.7w/libexec/gcc/x86_64-apple-darwin10.8.0/4.7.0/f951
Load Address: 0x100000000
Identifier: f951
Version: ??? (???)
Code Type: X86-64 (Native)
Parent Process: gfortran [55477]
Date/Time: 2011-09-15 11:05:43.420 +0200
OS Version: Mac OS X 10.6.8 (10K549)
Report Version: 6
Call graph:
    2366 Thread_2859011   DispatchQueue_1: com.apple.main-thread  (serial)
      2366 gfc_simplify_expr(gfc_expr*, int)
        2366 __memcpy
          2366 _sigtramp
            2366 crash_signal(int)
              2366 internal_error(char const*, ...)
                2366 diagnostic_set_info(diagnostic_info*, char const*, __va_list_tag (*) [1], unsigned int, diagnostic_t)
                  2366 libintl_dcigettext
                    2366 strcmp

Total number in stack (recursive counted multiple, when >=5):

Sort by top of stack, same collapsed (when >= 5):
        strcmp        2366
Sample analysis of process 55479 written to file /dev/stdout
* [Bug fortran/50409] SIGSEGV in gfc_simplify_expr
From: kargl at gcc dot gnu.org @ 2011-09-15 18:16 UTC
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50409
kargl at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kargl at gcc dot gnu.org
--- Comment #2 from kargl at gcc dot gnu.org 2011-09-15 18:05:11 UTC ---
I suspect that this chunk of code in gfc_simplify_expr, starting at line 1859,
needs to special-case zero-sized strings:
      s = gfc_get_wide_string (end - start + 2);
      memcpy (s, p->value.character.string + start,
              (end - start) * sizeof (gfc_char_t));
      s[end - start + 1] = '\0';  /* TODO: C-style string.  */
      free (p->value.character.string);
      p->value.character.string = s;
      p->value.character.length = end - start;
      p->ts.u.cl = gfc_new_charlen (gfc_current_ns, NULL);
      p->ts.u.cl->length = gfc_get_int_expr (gfc_default_integer_kind,
                                             NULL,
                                             p->value.character.length);
* [Bug fortran/50409] SIGSEGV in gfc_simplify_expr
From: fxcoudert at gcc dot gnu.org @ 2011-11-08 22:34 UTC
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50409
Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |ice-on-valid-code, patch
Status|NEW |ASSIGNED
CC| |fxcoudert at gcc dot gnu.org
--- Comment #3 from Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> 2011-11-08 22:31:36 UTC ---
This is actually the same bug as PR48876, but the original fix was not enough.
The following fixes it for good (fingers crossed, obviously!):
Index: expr.c
===================================================================
--- expr.c (revision 181149)
+++ expr.c (working copy)
@@ -1853,8 +1853,8 @@ gfc_simplify_expr (gfc_expr *p, int type
if (p->ref && p->ref->u.ss.end)
gfc_extract_int (p->ref->u.ss.end, &end);
- if (end < 0)
- end = 0;
+ if (end < start)
+ end = start;
s = gfc_get_wide_string (end - start + 2);
memcpy (s, p->value.character.string + start,
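Review bot: the new clamp only guarantees that `end - start` is no longer negative; nothing in this hunk bounds `end` (or `start`) against the actual length of `p->value.character.string`, yet the trailing context allocates `end - start + 2` characters and then `memcpy (s, p->value.character.string + start, ...)` copies `end - start` characters from offset `start`. If the front end does not already reject out-of-range substring bounds before simplification, an over-long `end` or an out-of-range `start` would still read past the source string, so that is worth confirming here. A regression test covering the inverted-bounds case (`end < start`), not just a zero-length substring, would pin down the wrap that produced the SIGSEGV.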
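As an added illustration (example code, not gfortran's own), the following C model reproduces the arithmetic of the expr.c chunk quoted in comment #2 and the clamp from the patch above: with the original `end < 0` test, a substring whose upper bound lies below its lower bound gives a negative `end - start`, which converts to a huge `size_t` once multiplied by `sizeof (gfc_char_t)` and sends memcpy off the end of the buffer; the `end < start` clamp turns it into a zero-length copy. The function names, the sample string and the extra range clamps against the string length are this example's own assumptions, not part of the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned int gfc_char_t;   /* gfortran's 4-byte wide character type */

/* Byte count the memcpy in the quoted expr.c chunk asks for under the
   original clamp ("if (end < 0) end = 0;").  For end < start the int
   difference is negative and converts to a huge size_t.  */
size_t buggy_memcpy_bytes (int start, int end)
{
  if (end < 0)
    end = 0;
  return (end - start) * sizeof (gfc_char_t);
}

/* Same computation with the r181181 clamp ("if (end < start) end = start;").  */
size_t fixed_memcpy_bytes (int start, int end)
{
  if (end < start)
    end = start;
  return (end - start) * sizeof (gfc_char_t);
}

/* Stand-in for the fixed folding step: copies str[start, end) into a new
   zero-filled buffer of end - start + 2 characters (as gfc_get_wide_string
   does) and reports the new length.  The clamps against `length` are an
   extra defensive check that the quoted chunk does not contain.  */
gfc_char_t *
simplify_substring (const gfc_char_t *str, int length, int start, int end,
                    int *out_len)
{
  if (start < 0) start = 0;
  if (start > length) start = length;
  if (end > length) end = length;
  if (end < start)               /* the PR 50409 fix: never a negative length */
    end = start;
  gfc_char_t *s = calloc (end - start + 2, sizeof (gfc_char_t));
  if (!s)
    return NULL;
  memcpy (s, str + start, (end - start) * sizeof (gfc_char_t));
  s[end - start + 1] = '\0';     /* mirrors the chunk; calloc already zeroed it */
  *out_len = end - start;
  return s;
}
```

Constructed input for a stand-alone run: the literal `'Hello'` sliced as Fortran `s(5:2)`, i.e. 0-based `start = 4` and exclusive `end = 2`, yields a memcpy request of `(size_t) -8` bytes with the old clamp and 0 bytes with the new one.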
* [Bug fortran/50409] SIGSEGV in gfc_simplify_expr
From: fxcoudert at gcc dot gnu.org @ 2011-11-08 23:16 UTC
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50409
--- Comment #4 from Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> 2011-11-08 23:15:16 UTC ---
Author: fxcoudert
Date: Tue Nov 8 23:15:11 2011
New Revision: 181181
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=181181
Log:
PR fortran/50409
* expr.c (gfc_simplify_expr): Substrings can't have negative
length.
* gcc/testsuite/gfortran.dg/string_5.f90: Improve testcase.
Modified:
trunk/gcc/fortran/ChangeLog
trunk/gcc/fortran/expr.c
trunk/gcc/testsuite/ChangeLog
trunk/gcc/testsuite/gfortran.dg/string_5.f90
* [Bug fortran/50409] SIGSEGV in gfc_simplify_expr
From: fxcoudert at gcc dot gnu.org @ 2011-11-08 23:54 UTC
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50409
Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #5 from Francois-Xavier Coudert <fxcoudert at gcc dot gnu.org> 2011-11-08 23:15:46 UTC ---
Fixed on trunk.