public inbox for gcc-bugs@sourceware.org
* [Bug fortran/61337] New: Wrong indexing and runtime crash with unlimited polymorphic array.
@ 2014-05-28 8:28 vladimir.fuka at gmail dot com
2014-05-28 17:16 ` [Bug fortran/61337] " dominiq at lps dot ens.fr
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: vladimir.fuka at gmail dot com @ 2014-05-28 8:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337
    Bug ID: 61337
   Summary: Wrong indexing and runtime crash with unlimited
            polymorphic array.
   Product: gcc
   Version: 4.9.0
    Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: fortran
  Assignee: unassigned at gcc dot gnu.org
  Reporter: vladimir.fuka at gmail dot com
module array_list
  type container
    class(*), allocatable :: items(:)
  end type
contains
  subroutine add_item(a, e)
    type(container),allocatable,intent(inout) :: a(:)
    class(*),intent(in) :: e(:)
    type(container),allocatable :: tmp(:)
    if (.not.allocated(a)) then
      allocate(a(1))
      allocate(a(1)%items(size(e)), source = e)
    else
      call move_alloc(a,tmp)
      allocate(a(size(tmp)+1))
      a(1:size(tmp)) = tmp
      allocate(a(size(tmp)+1)%items(size(e)), source = e)
    end if
  end subroutine
end module
  use array_list
  type(container), allocatable :: a_list(:)
  call add_item(a_list, [1, 2])
  call print(a_list(1))
contains
  subroutine print(c)
    type(container), intent(in) :: c
    if (allocated(c%items)) then
      select type (x=>c%items)
        type is (integer)
          print *, x
      end select
    end if
  end subroutine
end
> gfortran-4.9 alist-bug.f90 -fcheck=all -g -fbacktrace
> ./a.out
2 0
Expected: 1 2
With
  call add_item(a_list, [1, 2])
  call add_item(a_list, [1, 2])
  do i = 1, size(a_list)
    call print(a_list(i))
  end do
it crashes with a SIGSEGV on line:
  allocate(a(size(tmp)+1)%items(size(e)), source = e)
Tested and works on Solaris Studio 12.4.
> sunf90 alist-bug.f90
> ./a.out
1 2
1 2
* [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.
From: dominiq at lps dot ens.fr @ 2014-05-28 17:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337
Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-05-28
     Ever confirmed|0                           |1
--- Comment #1 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
Confirmed on 4.8 up to trunk. If the first test is compiled with
-fsanitize=address, execution fails with
==63209==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000105f54d28 at pc 0x105f5433c bp 0x7fff59cb0150 sp 0x7fff59cb0148
READ of size 4 at 0x000105f54d28 thread T0
#0 0x105f5433b
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000533b)
#1 0x105f51a56
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100002a56)
#2 0x105f544dc
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000054dc)
#3 0x105f54883
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005883)
#4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)
0x000105f54d28 is located 0 bytes to the right of global variable 'A.21' from
'pr61337.f90' (0x105f54d20) of size 8
0x000105f54d28 is located 56 bytes to the left of global variable 'options.23'
from 'pr61337.f90' (0x105f54d60) of size 36
...
The modified case (call add_item twice) fails with
==63217==ERROR: AddressSanitizer: global-buffer-overflow on address
0x0001084c0ce8 at pc 0x1084c0112 bp 0x7fff57744130 sp 0x7fff57744128
READ of size 4 at 0x0001084c0ce8 thread T0
#0 0x1084c0111
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005111)
#1 0x1084bd82c
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000282c)
#2 0x1084c02b4
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000052b4)
#3 0x1084c07c3
(/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000057c3)
#4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)
0x0001084c0ce8 is located 0 bytes to the right of global variable 'A.21' from
'pr61337_1.f90' (0x1084c0ce0) of size 8
0x0001084c0ce8 is located 56 bytes to the left of global variable 'A.24' from
'pr61337_1.f90' (0x1084c0d20) of size 8
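
Added example (not part of the original thread, and not code from GCC or AddressSanitizer): a Python triage helper that parses the global-buffer-overflow report quoted in comment #1 and converts the faulting address into an element index within the nearest global. The name `triage`, the regexes and the assumption that the element size equals the access width are this example's own; the sample is the first report above with wrapped lines rejoined and stack frames omitted.

```python
import re

# Constructed sample: first report from comment #1, wrapped lines rejoined,
# stack frames omitted.
REPORT = """\
==63209==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000105f54d28 at pc 0x105f5433c bp 0x7fff59cb0150 sp 0x7fff59cb0148
READ of size 4 at 0x000105f54d28 thread T0
0x000105f54d28 is located 0 bytes to the right of global variable 'A.21' from 'pr61337.f90' (0x105f54d20) of size 8
0x000105f54d28 is located 56 bytes to the left of global variable 'options.23' from 'pr61337.f90' (0x105f54d60) of size 36
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+", re.M)
GLOBAL_RE = re.compile(
    r"^0x[0-9a-f]+ is located (\d+) bytes to the (left|right) of global variable "
    r"'([^']+)' from '[^']+' \((0x[0-9a-f]+)\) of size (\d+)", re.M)


def triage(report):
    """Summarise an ASan global-buffer-overflow report against its nearest global."""
    err, acc = ERROR_RE.search(report), ACCESS_RE.search(report)
    if err is None or acc is None:
        raise ValueError("not an ASan memory-access report")
    fault, width = int(err.group(2), 16), int(acc.group(2))
    hits = []
    for gap, side, name, base, size in GLOBAL_RE.findall(report):
        gap, base, size = int(gap), int(base, 16), int(size)
        # Cross-check the stated gap against the printed addresses; an access
        # that straddles the end of the object is reported as 0 bytes to the right.
        expected = max(0, fault - (base + size)) if side == "right" else base - fault
        if expected != gap:
            raise ValueError(f"inconsistent gap for {name}")
        hits.append({"name": name, "side": side, "gap": gap, "size": size,
                     "offset": fault - base})
    if not hits:
        raise ValueError("no neighbouring global described")
    near = min(hits, key=lambda h: h["gap"])
    # Assumption: the object is an array whose element size equals the access width.
    near["elements"] = near["size"] // width
    near["index"] = near["offset"] // width  # 0-based; >= elements means past the end
    return {"kind": err.group(1), "op": acc.group(1), "width": width, **near}


if __name__ == "__main__":
    print(triage(REPORT))
```

For the report above this gives 0-based index 2 in the 2-element object 'A.21', that is, a 4-byte read one element past the end.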
* [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.
From: vladimir.fuka at gmail dot com @ 2015-09-02 10:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337
--- Comment #2 from Vladimir Fuka <vladimir.fuka at gmail dot com> ---
The first is fixed on trunk apparently by
https://gcc.gnu.org/ml/fortran/2015-07/msg00038.html
The modification
  call add_item(a_list, [1, 2])
  call add_item(a_list, [1, 2])
  do i = 1, size(a_list)
    call print(a_list(i))
  end do
still causes a segfault.
* [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.
From: vladimir.fuka at gmail dot com @ 2015-09-02 13:56 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337
--- Comment #3 from Vladimir Fuka <vladimir.fuka at gmail dot com> ---
The crash is at line 22:
allocate(a(size(tmp)+1)%items(size(e)), source = e)
ASAN:SIGSEGV
=================================================================
==5902==ERROR: AddressSanitizer: SEGV on unknown address 0x60c0c08ef6b0 (pc
0x0000004086ed bp 0x7ffec4dcc6b0 sp 0x7ffec4dcc490 T0)
#0 0x4086ec in __array_list_MOD_add_item
/home/vf1r14/f/testy/stackoverflow/pr61337b.f90:22
#1 0x408ff4 in MAIN__ /home/vf1r14/f/testy/stackoverflow/pr61337b.f90:35
#2 0x4096d5 in main /home/vf1r14/f/testy/stackoverflow/pr61337b.f90:30
#3 0x7f898a67eb04 in __libc_start_main (/lib64/libc.so.6+0x21b04)
#4 0x400e38 (/home/vf1r14/f/testy/stackoverflow/a.out+0x400e38)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/vf1r14/f/testy/stackoverflow/pr61337b.f90:22 __array_list_MOD_add_item
==5902==ABORTING
* [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.
From: graham.stott at btinternet dot com @ 2015-09-02 14:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337
--- Comment #4 from graham.stott at btinternet dot com ---
-------- Original message --------
From: "vladimir.fuka at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
Date: 02/09/2015 14:55 (GMT+00:00)
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.