public inbox for gcc-bugs@sourceware.org
* [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
@ 2014-08-11 18:35 shamsundar at uh dot edu
  2014-08-11 18:47 ` [Bug libfortran/62094] " kargl at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: shamsundar at uh dot edu @ 2014-08-11 18:35 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

            Bug ID: 62094
           Summary: Program crash when executing DEALLOCATE with addresses
                    that have 0 in bits 26 and higher (little-endian)
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libfortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shamsundar at uh dot edu

Created attachment 33293
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=33293&action=edit
Fortran program that will exhibit the bug on a Linux x86-64 system, e.g.
openSuse 12.3 desktop

The library routine free() in libc.so.6 on some X86-64 Linux systems will
dereference address zero when the argument has bits 26 and up all zero. This will
cause the program to crash. A Fortran program that exposes this bug is
attached. Here are a few instructions from free(), from libc.so.6, stable
release 2.17, configured for x86_64_linux, gcc 4.7.2:

__libc_free: (argument in %rdi)
...
   7ea08:       48 8d 77 f0             lea    -0x10(%rdi),%rsi
...
   7ea1b:       48 89 f0                mov    %rsi,%rax
   7ea1e:       48 25 00 00 00 fc       and    $0xfffffffffc000000,%rax
   7ea24:       48 8b 38                mov    (%rax),%rdi            <<<==== crash if %rax = 0


^ permalink raw reply	[flat|nested] 7+ messages in thread
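
Added example (not part of the original report, the attachment, or glibc): the address arithmetic of the three instructions quoted above, modelled in C so the range of free() arguments that mask to address zero can be checked. The function names and sample addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the disassembly in the report. */
#define HDR_OFFSET 0x10ULL                /* lea -0x10(%rdi),%rsi          */
#define HEAP_MASK  0xfffffffffc000000ULL  /* and $0xfffffffffc000000,%rax  */

/* Address the load at 7ea24 reads from, for a given free() argument.
 * The mask rounds the chunk address down to a 64 MiB (2^26) boundary;
 * in glibc's malloc source this is heap_for_ptr(), used for chunks
 * flagged NON_MAIN_ARENA. That flag test sits in the elided
 * instructions and is not modelled here. */
uint64_t lookup_base(uint64_t mem)
{
    uint64_t chunk = mem - HDR_OFFSET;   /* wraps for mem < 0x10 */
    return chunk & HEAP_MASK;
}

/* 1 when the masked address is 0, i.e. the load would hit address zero. */
int masks_to_null(uint64_t mem)
{
    return lookup_base(mem) == 0;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the attachment. */
    static const uint64_t samples[] = {
        0x0000000000000010ULL,  /* lowest value that masks to zero    */
        0x0000000000602010ULL,  /* low address below 2^26             */
        0x000000000400000fULL,  /* highest value that masks to zero   */
        0x0000000004000010ULL,  /* first value in the next 64 MiB     */
        0x00007f1234567010ULL,  /* high address, typical of mmap      */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("free(0x%012" PRIx64 ") -> load from 0x%012" PRIx64 "%s\n",
               samples[i], lookup_base(samples[i]),
               masks_to_null(samples[i]) ? "  <-- address zero" : "");
    return 0;
}
```

Because the mask is applied after the 0x10 subtraction, the affected range is 0x10 through 0x0400000f rather than exactly "bits 26 and up all zero" in the argument itself.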

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
@ 2014-08-11 18:47 ` kargl at gcc dot gnu.org
  2014-08-11 19:17 ` sham at Central dot UH.EDU
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: kargl at gcc dot gnu.org @ 2014-08-11 18:47 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

kargl at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kargl at gcc dot gnu.org

--- Comment #1 from kargl at gcc dot gnu.org ---
Looks like a bug in glibc exposed by gfortran.  Not sure
why you think that this is a libgfortran bug.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
  2014-08-11 18:47 ` [Bug libfortran/62094] " kargl at gcc dot gnu.org
@ 2014-08-11 19:17 ` sham at Central dot UH.EDU
  2014-08-11 19:33 ` sgk at troutmask dot apl.washington.edu
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: sham at Central dot UH.EDU @ 2014-08-11 19:17 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

--- Comment #2 from sham at Central dot UH.EDU ---
Thanks, Steve. My pick of libgfortran as "product line" was because it was the
closest from the limited choices that the bug report form offered. 

As you observed, this is probably just a LIBC bug. On the other hand, I do not
know the interconnections between the code generated for ALLOCATE/DEALLOCATE by
GFortran and the conventions governing calls to malloc()/free().

N. Shamsundar


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
  2014-08-11 18:47 ` [Bug libfortran/62094] " kargl at gcc dot gnu.org
  2014-08-11 19:17 ` sham at Central dot UH.EDU
@ 2014-08-11 19:33 ` sgk at troutmask dot apl.washington.edu
  2014-08-12 15:40 ` dominiq at lps dot ens.fr
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: sgk at troutmask dot apl.washington.edu @ 2014-08-11 19:33 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

--- Comment #3 from Steve Kargl <sgk at troutmask dot apl.washington.edu> ---
On Mon, Aug 11, 2014 at 07:17:15PM +0000, sham at Central dot UH.EDU wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094
> 
> --- Comment #2 from sham at Central dot UH.EDU ---
> Thanks, Steve. My pick of libgfortran as "product line" was because
> it was the closest from the limited choices that the bug report form
> offered. 
> 
> As you observed, this is probably just a LIBC bug. On the other hand,
> I do not know the interconnections between the code generated for
> ALLOCATE/DEALLOCATE by GFortran and the conventions governing call
> to malloc()/free().
> 

glibc is developed independently of gcc.  You can go to
http://www.gnu.org/software/libc/bugs.html
for more information on reporting glibc bugs.

Unfortunately, I suspect the glibc developers will want
a C program that exposes the problem, not a Fortran program.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
                   ` (2 preceding siblings ...)
  2014-08-11 19:33 ` sgk at troutmask dot apl.washington.edu
@ 2014-08-12 15:40 ` dominiq at lps dot ens.fr
  2014-08-12 16:18 ` sgk at troutmask dot apl.washington.edu
  2014-12-06 22:06 ` dominiq at lps dot ens.fr
  5 siblings, 0 replies; 7+ messages in thread
From: dominiq at lps dot ens.fr @ 2014-08-12 15:40 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2014-08-12
     Ever confirmed|0                           |1

--- Comment #4 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> Looks like a bug in glibc exposed by gfortran.

So this PR could be closed as invalid (the attached test works on
x86_64-apple-darwin13).


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
                   ` (3 preceding siblings ...)
  2014-08-12 15:40 ` dominiq at lps dot ens.fr
@ 2014-08-12 16:18 ` sgk at troutmask dot apl.washington.edu
  2014-12-06 22:06 ` dominiq at lps dot ens.fr
  5 siblings, 0 replies; 7+ messages in thread
From: sgk at troutmask dot apl.washington.edu @ 2014-08-12 16:18 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

--- Comment #5 from Steve Kargl <sgk at troutmask dot apl.washington.edu> ---
On Tue, Aug 12, 2014 at 03:40:06PM +0000, dominiq at lps dot ens.fr wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094
> 
> Dominique d'Humieres <dominiq at lps dot ens.fr> changed:
> 
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Status|UNCONFIRMED                 |WAITING
>    Last reconfirmed|                            |2014-08-12
>      Ever confirmed|0                           |1
> 
> --- Comment #4 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
> > Looks like a bug in glibc exposed by gfortran.
> 
> So this PR could be closed as invalid (the attached test works on
> x86_64-apple-darwin13).
> 

It also works on x86_64-*-freebsd.  Hopefully, OP reports
to glibc and tells us.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug libfortran/62094] Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian)
  2014-08-11 18:35 [Bug libfortran/62094] New: Program crash when executing DEALLOCATE with addresses that have 0 in bits 26 and higher (little-endian) shamsundar at uh dot edu
                   ` (4 preceding siblings ...)
  2014-08-12 16:18 ` sgk at troutmask dot apl.washington.edu
@ 2014-12-06 22:06 ` dominiq at lps dot ens.fr
  5 siblings, 0 replies; 7+ messages in thread
From: dominiq at lps dot ens.fr @ 2014-12-06 22:06 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=62094

Dominique d'Humieres <dominiq at lps dot ens.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|---                         |INVALID

--- Comment #6 from Dominique d'Humieres <dominiq at lps dot ens.fr> ---
No feedback for almost four months. Closing as INVALID.


^ permalink raw reply	[flat|nested] 7+ messages in thread
