[Bug fortran/65089] FAIL: gfortran.dg/io_real_boz(2|_[45]).f90 when tested with -fsanitize=address

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "jakub at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/65089] FAIL: gfortran.dg/io_real_boz(2|_[45]).f90 when tested with -fsanitize=address
Date: Wed, 08 Apr 2015 13:42:00 -0000	[thread overview]
Message-ID: <bug-65089-4-0FgvCb8myB@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-65089-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65089

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Sounds like either libgfortran bug, or fortran FE bug.
What asan_finish_file sees for .LC3 is:
 <string_cst 0x7ffff169ce40
    type <array_type 0x7ffff16c7d20
        type <integer_type 0x7ffff15083f0 character(kind=1) asm_written public
unsigned string-flag QI
            size <integer_cst 0x7ffff1504cc0 constant 8>
            unit size <integer_cst 0x7ffff1504cd8 constant 1>
            align 8 symtab -244602288 alias set -1 canonical type
0x7ffff15083f0 precision 8 min <integer_cst 0x7ffff1504cf0 0> max <integer_cst
0x7ffff1504c90 255>
            pointer_to_this <pointer_type 0x7ffff1527150>>
        string-flag SI
        size <integer_cst 0x7ffff1504e10 constant 32>
        unit size <integer_cst 0x7ffff1504e28 constant 4>
        align 8 symtab 0 alias set -1 canonical type 0x7ffff16c7d20
        domain <integer_type 0x7ffff16c7c78 type <integer_type 0x7ffff1508690
integer(kind=4)>
            SI size <integer_cst 0x7ffff1504e10 32> unit size <integer_cst
0x7ffff1504e28 4>
            align 32 symtab 0 alias set -1 canonical type 0x7ffff16c7c78
precision 32 min <integer_cst 0x7ffff1504f78 1> max <integer_cst 0x7ffff16c55b8
4>>>
    constant asm_written "(z0)">
i.e. a 4 bytes long string literal, which is not NUL terminated.
If you compile without -fsanitize=address, you can see that (z0) is directly
followed by unrelated strings:
 0000 696f5f72 65616c5f 626f7a5f 352e6639  io_real_boz_5.f9
 0010 3000287a 30295800 00000000 00000000  0.(z0)X.........
 0020 02010000 9b010000 00000000 00000000  ................
 0030 01000000 01000000 00000000 00000000  ................
 0040 1f000000 0000803f                    .......?        
so calling strlen on this is obviously undefined behavior.  Doesn't the FE pass
format_len which tells you how long the string is?  It really doesn't seem to
be NUL terminated unless by accident.
Isn't:
       character(len=32) :: str1
       character(len=4) :: str2
       str2 = '(z0)'
       x = 1.0_16 + 2.0_16**(-105)
       write (str1,str2) 'X'
       end
equivalent to that (again, with no NUL termination)?

next prev parent reply	other threads:[~2015-04-08 13:42 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-17 10:07 [Bug fortran/65089] New: " dominiq at lps dot ens.fr
2015-04-03  0:03 ` [Bug fortran/65089] " hp at gcc dot gnu.org
2015-04-03  8:27 ` dominiq at lps dot ens.fr
2015-04-03 20:11 ` jvdelisle at gcc dot gnu.org
2015-04-03 22:25 ` jvdelisle at gcc dot gnu.org
2015-04-03 22:29 ` dominiq at lps dot ens.fr
2015-04-04  8:53 ` dominiq at lps dot ens.fr
2015-04-08 13:42 ` jakub at gcc dot gnu.org [this message]
2015-04-09  0:00 ` jvdelisle at gcc dot gnu.org
2015-04-09  6:39 ` jakub at gcc dot gnu.org
2015-04-09  8:48 ` dominiq at lps dot ens.fr
2015-04-09 12:08 ` jvdelisle at gcc dot gnu.org
2015-04-12  4:19 ` jvdelisle at gcc dot gnu.org
2015-04-12  7:47 ` dominiq at lps dot ens.fr
2015-04-15  1:27 ` jvdelisle at gcc dot gnu.org
2015-04-15  1:58 ` jvdelisle at gcc dot gnu.org
2015-09-07  9:57 ` dominiq at lps dot ens.fr

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-65089-4-0FgvCb8myB@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).