From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (qmail 31809 invoked by alias); 28 May 2014 17:16:26 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 31770 invoked by uid 48); 28 May 2014 17:16:19 -0000
From: "dominiq at lps dot ens.fr"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/61337] Wrong indexing and runtime crash with unlimited polymorphic array.
Date: Wed, 28 May 2014 17:16:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: fortran
X-Bugzilla-Version: 4.9.0
X-Bugzilla-Severity: normal
X-Bugzilla-Who: dominiq at lps dot ens.fr
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: bug_status cf_reconfirmed_on everconfirmed
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-05/txt/msg02434.txt.bz2

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61337

Dominique d'Humieres changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-05-28
     Ever confirmed|0                           |1

--- Comment #1 from Dominique d'Humieres ---
Confirmed on 4.8 up to trunk.
If the first test is compiled with -fsanitize=address, execution fails with

==63209==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000105f54d28 at pc 0x105f5433c bp 0x7fff59cb0150 sp 0x7fff59cb0148
READ of size 4 at 0x000105f54d28 thread T0
    #0 0x105f5433b (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000533b)
    #1 0x105f51a56 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100002a56)
    #2 0x105f544dc (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000054dc)
    #3 0x105f54883 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005883)
    #4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)
0x000105f54d28 is located 0 bytes to the right of global variable 'A.21' from 'pr61337.f90' (0x105f54d20) of size 8
0x000105f54d28 is located 56 bytes to the left of global variable 'options.23' from 'pr61337.f90' (0x105f54d60) of size 36
...

The modified case (call add_item twice) fails with

==63217==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0001084c0ce8 at pc 0x1084c0112 bp 0x7fff57744130 sp 0x7fff57744128
READ of size 4 at 0x0001084c0ce8 thread T0
    #0 0x1084c0111 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x100005111)
    #1 0x1084bd82c (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x10000282c)
    #2 0x1084c02b4 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000052b4)
    #3 0x1084c07c3 (/Users/dominiq/Documents/Fortran/g95bench/win/f90/bug/a.out+0x1000057c3)
    #4 0x7fff8edb75fc (/usr/lib/system/libdyld.dylib+0x35fc)
0x0001084c0ce8 is located 0 bytes to the right of global variable 'A.21' from 'pr61337_1.f90' (0x1084c0ce0) of size 8
0x0001084c0ce8 is located 56 bytes to the left of global variable 'A.24' from 'pr61337_1.f90' (0x1084c0d20) of size 8
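
Added example, not part of the original message or of GCC: a small Python triage helper that parses the summary lines of the first AddressSanitizer report above and checks their address arithmetic, showing that the 4-byte read starts exactly at the end of the 8-byte global 'A.21'. The function name `triage`, its result keys and the nearest-object heuristic are assumptions made for illustration.

```python
import re

# Summary lines copied from the first AddressSanitizer report in the message above.
REPORT = """\
==63209==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000105f54d28 at pc 0x105f5433c bp 0x7fff59cb0150 sp 0x7fff59cb0148
READ of size 4 at 0x000105f54d28 thread T0
0x000105f54d28 is located 0 bytes to the right of global variable 'A.21' from 'pr61337.f90' (0x105f54d20) of size 8
0x000105f54d28 is located 56 bytes to the left of global variable 'options.23' from 'pr61337.f90' (0x105f54d60) of size 36
"""

HEAD = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
NEAR = re.compile(
    r"^(0x[0-9a-f]+) is located (\d+) bytes to the (left|right) of global variable "
    r"'([^']+)' from '([^']+)' \((0x[0-9a-f]+)\) of size (\d+)", re.M)

def triage(report):
    """Summarise a global-buffer-overflow report and verify its arithmetic."""
    head = HEAD.search(report)
    acc = ACCESS.search(report)
    if not head or not acc:
        raise ValueError("not an AddressSanitizer access report")
    addr = int(head.group(2), 16)
    neighbours = []
    for m in NEAR.finditer(report):
        dist, side, name, src = int(m.group(2)), m.group(3), m.group(4), m.group(5)
        base, size = int(m.group(6), 16), int(m.group(7))
        # "right of" is measured from the object's end, "left of" from its start.
        expected = base + size + dist if side == "right" else base - dist
        neighbours.append({"name": name, "source": src, "side": side,
                           "distance": dist, "size": size,
                           "offset_from_base": addr - base,
                           "consistent": expected == addr})
    # Heuristic (assumption): the closest reported global is the likely overrun object.
    nearest = min(neighbours, key=lambda n: n["distance"], default=None)
    return {"kind": head.group(1), "access": acc.group(1),
            "access_size": int(acc.group(2)), "address": addr,
            "nearest": nearest, "neighbours": neighbours}
```

For this report the nearest object is 'A.21' with `offset_from_base` equal to its size (8), i.e. the read begins at the first byte past the end of the object.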