public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
@ 2014-03-26 20:45 hjl.tools at gmail dot com
2014-03-28 9:21 ` [Bug fortran/60677] " rguenth at gcc dot gnu.org
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: hjl.tools at gmail dot com @ 2014-03-26 20:45 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Bug ID: 60677
Summary: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O
(test for excess errors)
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: fortran
Assignee: unassigned at gcc dot gnu.org
Reporter: hjl.tools at gmail dot com
spawn -ignore SIGHUP
/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/testsuite/gfortran4/../../gfortran
-B/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/testsuite/gfortran4/../../
-B/export/build/gnu/gcc-asan/build-x86_64-linux/x86_64-unknown-linux-gnu/32/libgfortran/
/export/gnu/import/git/gcc/gcc/testsuite/gfortran.dg/ichar_3.f90
-fno-diagnostics-show-caret -fdiagnostics-color=never -O -pedantic-errors -S -o
ichar_3.s
=================================================================
==31523==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffa6562b40 at pc 0x88f360 bp 0x7fffa65628f0 sp 0x7fffa65628e8
WRITE of size 8 at 0x7fffa6562b40 thread T0
#0 0x88f35f in gfc_conv_intrinsic_function_args
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:244
#1 0x8b5f34 in gfc_conv_intrinsic_ichar
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:4694
#2 0x8b5f34 in gfc_conv_intrinsic_function(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:6822
#3 0x86f2a1 in gfc_conv_function_expr
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:5559
#4 0x87019a in gfc_conv_expr(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:6310
#5 0x878977 in gfc_conv_expr_val(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:6363
#6 0x88f0d9 in gfc_conv_intrinsic_function_args
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:232
#7 0x890b2c in gfc_conv_intrinsic_conversion
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:290
#8 0x8b629d in gfc_conv_intrinsic_function(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:6711
#9 0x86f2a1 in gfc_conv_function_expr
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:5559
#10 0x87019a in gfc_conv_expr(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:6310
#11 0x880346 in gfc_trans_assignment_1
/export/gnu/import/git/gcc/gcc/fortran/trans-expr.c:8000
#12 0x7d9954 in trans_code
/export/gnu/import/git/gcc/gcc/fortran/trans.c:1639
#13 0x84dc30 in gfc_generate_function_code(gfc_namespace*)
/export/gnu/import/git/gcc/gcc/fortran/trans-decl.c:5610
#14 0x735673 in translate_all_program_units
/export/gnu/import/git/gcc/gcc/fortran/parse.c:4535
#15 0x735673 in gfc_parse_file()
/export/gnu/import/git/gcc/gcc/fortran/parse.c:4732
#16 0x7c9719 in gfc_be_parse_file
/export/gnu/import/git/gcc/gcc/fortran/f95-lang.c:188
#17 0x1371cc1 in compile_file /export/gnu/import/git/gcc/gcc/toplev.c:548
#18 0x1376c2b in do_compile /export/gnu/import/git/gcc/gcc/toplev.c:1914
#19 0x1376c2b in toplev_main(int, char**)
/export/gnu/import/git/gcc/gcc/toplev.c:1990
#20 0x3cdda21b44 in __libc_start_main (/lib64/libc.so.6+0x3cdda21b44)
#21 0x5d2de0
(/export/build/gnu/gcc-asan/build-x86_64-linux/gcc/f951+0x5d2de0)
Address 0x7fffa6562b40 is located in stack of thread T0 at offset 176 in frame
#0 0x8b551f in gfc_conv_intrinsic_function(gfc_se*, gfc_expr*)
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:6527
This frame has 7 object(s):
[32, 40) 'append_args'
[96, 104) 'len'
[160, 176) 'args' <== Memory access at offset 176 overflows this variable
[224, 248) 'args'
[288, 328) 'ts'
[384, 464) 'se1'
[512, 592) 'argse'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
/export/gnu/import/git/gcc/gcc/fortran/trans-intrinsic.c:244
gfc_conv_intrinsic_function_args
Shadow bytes around the buggy address:
0x100074ca4510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100074ca4520: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
0x100074ca4530: 00 00 00 00 00 00 f4 f4 f3 f3 f3 f3 00 00 00 00
0x100074ca4540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100074ca4550: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4
=>0x100074ca4560: f4 f4 f2 f2 f2 f2 00 00[f4]f4 f2 f2 f2 f2 00 00
0x100074ca4570: 00 f4 f2 f2 f2 f2 00 00 00 00 00 f4 f4 f4 f2 f2
0x100074ca4580: f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4 f2 f2
0x100074ca4590: f2 f2 00 00 00 00 00 00 00 00 00 00 f4 f4 f3 f3
0x100074ca45a0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100074ca45b0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==31523==ABORTING
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
@ 2014-03-28 9:21 ` rguenth at gcc dot gnu.org
2014-03-28 12:39 ` burnus at gcc dot gnu.org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: rguenth at gcc dot gnu.org @ 2014-03-28 9:21 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Richard Biener <rguenth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |4.9.0
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
2014-03-28 9:21 ` [Bug fortran/60677] " rguenth at gcc dot gnu.org
@ 2014-03-28 12:39 ` burnus at gcc dot gnu.org
2014-03-28 18:06 ` mikael at gcc dot gnu.org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: burnus at gcc dot gnu.org @ 2014-03-28 12:39 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Tobias Burnus <burnus at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Status|UNCONFIRMED |NEW
Last reconfirmed| |2014-03-28
CC| |burnus at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #1 from Tobias Burnus <burnus at gcc dot gnu.org> ---
We have:
gfc_conv_intrinsic_ichar (gfc_se * se, gfc_expr * expr)
{
tree args[2], type, pchartype;
int nargs;
nargs = gfc_intrinsic_argument_list_length (expr);
gfc_conv_intrinsic_function_args (se, expr, args, nargs);
The problem is that nargs == 3, but we have "args[2]". The arguments are the
character (BT_CHARACTER) and the kind (BT_INTEGER). However,
gfc_intrinsic_argument_list_length counts character types as len==2 as one
usually has a character length. Hence, one accesses invalid memory with
gfc_conv_intrinsic_function_args.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
2014-03-28 9:21 ` [Bug fortran/60677] " rguenth at gcc dot gnu.org
2014-03-28 12:39 ` burnus at gcc dot gnu.org
@ 2014-03-28 18:06 ` mikael at gcc dot gnu.org
2014-03-28 18:59 ` mikael at gcc dot gnu.org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-28 18:06 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Mikael Morin <mikael at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |mikael at gcc dot gnu.org
Assignee|unassigned at gcc dot gnu.org |mikael at gcc dot gnu.org
--- Comment #3 from Mikael Morin <mikael at gcc dot gnu.org> ---
This bug is a follow-up to pr59599.
Thanks for diagnosing the problem.
I will commit a fix.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (2 preceding siblings ...)
2014-03-28 18:06 ` mikael at gcc dot gnu.org
@ 2014-03-28 18:59 ` mikael at gcc dot gnu.org
2014-03-28 19:47 ` [Bug fortran/60677] [4.7/4.8 " jakub at gcc dot gnu.org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-28 18:59 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
--- Comment #4 from Mikael Morin <mikael at gcc dot gnu.org> ---
Author: mikael
Date: Fri Mar 28 18:58:44 2014
New Revision: 208913
URL: http://gcc.gnu.org/viewcvs?rev=208913&root=gcc&view=rev
Log:
fortran/
PR fortran/60677
* trans-intrinsic.c (gfc_conv_intrinsic_ichar): Enlarge argument
list buffer.
Modified:
trunk/gcc/fortran/ChangeLog
trunk/gcc/fortran/trans-intrinsic.c
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.7/4.8 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (3 preceding siblings ...)
2014-03-28 18:59 ` mikael at gcc dot gnu.org
@ 2014-03-28 19:47 ` jakub at gcc dot gnu.org
2014-03-29 9:59 ` mikael at gcc dot gnu.org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: jakub at gcc dot gnu.org @ 2014-03-28 19:47 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
Target Milestone|4.9.0 |4.7.4
Summary|[4.9 Regression] FAIL: |[4.7/4.8 Regression] FAIL:
|gfortran.dg/ichar_3.f90 -O |gfortran.dg/ichar_3.f90 -O
| (test for excess errors) | (test for excess errors)
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Fixed on the trunk. From the referenced PR, seems like this bug now exists
also on 4.7/4.8.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.7/4.8 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (4 preceding siblings ...)
2014-03-28 19:47 ` [Bug fortran/60677] [4.7/4.8 " jakub at gcc dot gnu.org
@ 2014-03-29 9:59 ` mikael at gcc dot gnu.org
2014-03-29 11:08 ` mikael at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-29 9:59 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
--- Comment #6 from Mikael Morin <mikael at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #5)
> Fixed on the trunk. From the referenced PR, seems like this bug now exists
> also on 4.7/4.8.
Yes, I'm going to fix 4.8 and 4.7 as well.
Thanks for reminding me.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.7/4.8 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (5 preceding siblings ...)
2014-03-29 9:59 ` mikael at gcc dot gnu.org
@ 2014-03-29 11:08 ` mikael at gcc dot gnu.org
2014-03-29 12:15 ` mikael at gcc dot gnu.org
2014-03-29 12:18 ` mikael at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-29 11:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
--- Comment #7 from Mikael Morin <mikael at gcc dot gnu.org> ---
Author: mikael
Date: Sat Mar 29 11:07:57 2014
New Revision: 208932
URL: http://gcc.gnu.org/viewcvs?rev=208932&root=gcc&view=rev
Log:
fortran/
PR fortran/60677
* trans-intrinsic.c (gfc_conv_intrinsic_ichar): Enlarge argument
list buffer.
Modified:
branches/gcc-4_8-branch/gcc/fortran/ChangeLog
branches/gcc-4_8-branch/gcc/fortran/trans-intrinsic.c
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.7/4.8 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (6 preceding siblings ...)
2014-03-29 11:08 ` mikael at gcc dot gnu.org
@ 2014-03-29 12:15 ` mikael at gcc dot gnu.org
2014-03-29 12:18 ` mikael at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-29 12:15 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
--- Comment #8 from Mikael Morin <mikael at gcc dot gnu.org> ---
Author: mikael
Date: Sat Mar 29 12:14:41 2014
New Revision: 208935
URL: http://gcc.gnu.org/viewcvs?rev=208935&root=gcc&view=rev
Log:
fortran/
PR fortran/60677
* trans-intrinsic.c (gfc_conv_intrinsic_ichar): Enlarge argument
list buffer.
Modified:
branches/gcc-4_7-branch/gcc/fortran/ChangeLog
branches/gcc-4_7-branch/gcc/fortran/trans-intrinsic.c
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug fortran/60677] [4.7/4.8 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors)
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
` (7 preceding siblings ...)
2014-03-29 12:15 ` mikael at gcc dot gnu.org
@ 2014-03-29 12:18 ` mikael at gcc dot gnu.org
8 siblings, 0 replies; 10+ messages in thread
From: mikael at gcc dot gnu.org @ 2014-03-29 12:18 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60677
Mikael Morin <mikael at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #9 from Mikael Morin <mikael at gcc dot gnu.org> ---
This should be fixed now. Please reopen if not.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-03-29 12:18 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-26 20:45 [Bug fortran/60677] New: [4.9 Regression] FAIL: gfortran.dg/ichar_3.f90 -O (test for excess errors) hjl.tools at gmail dot com
2014-03-28 9:21 ` [Bug fortran/60677] " rguenth at gcc dot gnu.org
2014-03-28 12:39 ` burnus at gcc dot gnu.org
2014-03-28 18:06 ` mikael at gcc dot gnu.org
2014-03-28 18:59 ` mikael at gcc dot gnu.org
2014-03-28 19:47 ` [Bug fortran/60677] [4.7/4.8 " jakub at gcc dot gnu.org
2014-03-29 9:59 ` mikael at gcc dot gnu.org
2014-03-29 11:08 ` mikael at gcc dot gnu.org
2014-03-29 12:15 ` mikael at gcc dot gnu.org
2014-03-29 12:18 ` mikael at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).