public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
@ 2020-06-22 20:18 gscfq@t-online.de
  2020-06-22 20:58 ` [Bug fortran/95826] " anlauf at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: gscfq@t-online.de @ 2020-06-22 20:18 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

            Bug ID: 95826
           Summary: ICE in gfc_match_decl_type_spec, at
                    fortran/decl.c:4290
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: fortran
          Assignee: unassigned at gcc dot gnu.org
          Reporter: gscfq@t-online.de
  Target Milestone: ---

Moving on, this happens between name length 60 (ok) and 61 (ICE) :


$ cat z1_60.f90
program p
   type t23456789012345678901234567890123456789012345678901234567890 &
       (a23456789012345678901234567890123456789012345678901234567890, &
        b23456789012345678901234567890123456789012345678901234567890)
      integer, kind ::
a23456789012345678901234567890123456789012345678901234567890
      integer, len :: 
b23456789012345678901234567890123456789012345678901234567890
   end type
   integer, parameter ::
n23456789012345678901234567890123456789012345678901234567890 = 16
   type (t23456789012345678901234567890123456789012345678901234567890 &
      (n23456789012345678901234567890123456789012345678901234567890, :)), &
      allocatable ::
x23456789012345678901234567890123456789012345678901234567890
end


$ cat z1_61.f90
program p
   type t234567890123456789012345678901234567890123456789012345678901 &
       (a234567890123456789012345678901234567890123456789012345678901, &
        b234567890123456789012345678901234567890123456789012345678901)
      integer, kind ::
a234567890123456789012345678901234567890123456789012345678901
      integer, len :: 
b234567890123456789012345678901234567890123456789012345678901
   end type
   integer, parameter ::
n234567890123456789012345678901234567890123456789012345678901 = 16
   type (t234567890123456789012345678901234567890123456789012345678901 &
      (n234567890123456789012345678901234567890123456789012345678901, :)), &
      allocatable ::
x234567890123456789012345678901234567890123456789012345678901
end


$ cat z1_63.f90
program p
   type t23456789012345678901234567890123456789012345678901234567890123 &
       (a23456789012345678901234567890123456789012345678901234567890123, &
        b23456789012345678901234567890123456789012345678901234567890123)
      integer, kind ::
a23456789012345678901234567890123456789012345678901234567890123
      integer, len :: 
b23456789012345678901234567890123456789012345678901234567890123
   end type
   integer, parameter ::
n23456789012345678901234567890123456789012345678901234567890123 = 16
   type (t23456789012345678901234567890123456789012345678901234567890123 &
        (n23456789012345678901234567890123456789012345678901234567890123, :)),
&
      allocatable ::
x23456789012345678901234567890123456789012345678901234567890123
end


$ gfortran-11-20200621 -c z1_60.f90
$
$ gfortran-11-20200621 -c z1_61.f90
f951: internal compiler error: in gfc_match_decl_type_spec, at
fortran/decl.c:4290
0x64849f gfc_match_decl_type_spec(gfc_typespec*, int)
        ../../gcc/fortran/decl.c:4290
0x6491dc gfc_match_data_decl()
        ../../gcc/fortran/decl.c:6124
0x6ad323 match_word
        ../../gcc/fortran/parse.c:65
0x6ad323 decode_statement
        ../../gcc/fortran/parse.c:376
0x6aed6a next_free
        ../../gcc/fortran/parse.c:1280
0x6aed6a next_statement
        ../../gcc/fortran/parse.c:1512
0x6b03bb parse_spec
        ../../gcc/fortran/parse.c:3923
0x6b318c parse_progunit
        ../../gcc/fortran/parse.c:5852
0x6b4869 gfc_parse_file()
        ../../gcc/fortran/parse.c:6393
0x70098f gfc_be_parse_file
        ../../gcc/fortran/f95-lang.c:212

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug fortran/95826] ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
  2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
@ 2020-06-22 20:58 ` anlauf at gcc dot gnu.org
  2020-06-23 21:09 ` anlauf at gcc dot gnu.org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: anlauf at gcc dot gnu.org @ 2020-06-22 20:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2020-06-22
           Priority|P3                          |P4
                 CC|                            |anlauf at gcc dot gnu.org
           Assignee|unassigned at gcc dot gnu.org      |anlauf at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from anlauf at gcc dot gnu.org ---
This is fixed by:

diff --git a/gcc/fortran/decl.c b/gcc/fortran/decl.c
index c8a98537e87..fd4e1dc2322 100644
--- a/gcc/fortran/decl.c
+++ b/gcc/fortran/decl.c
@@ -4095,7 +4095,7 @@ match
 gfc_match_decl_type_spec (gfc_typespec *ts, int implicit_flag)
 {
   /* Provide sufficient space to hold "pdtsymbol".  */
-  char name[GFC_MAX_SYMBOL_LEN + 1 + 3];
+  char *name = XALLOCAVEC (char, GFC_MAX_SYMBOL_LEN + 1);
   gfc_symbol *sym, *dt_sym;
   match m;
   char c;
@@ -4286,8 +4286,10 @@ gfc_match_decl_type_spec (gfc_typespec *ts, int
implicit_flag)
          gcc_assert (!sym->attr.pdt_template && sym->attr.pdt_type);
          ts->u.derived = sym;
          const char* lower = gfc_dt_lower_string (sym->name);
-         size_t len = strnlen (lower, sizeof (name));
-         gcc_assert (len < sizeof (name));
+         size_t len = strlen (lower);
+         /* Reallocate with sufficient size.  */
+         if (len > GFC_MAX_SYMBOL_LEN)
+           name = XALLOCAVEC (char, len + 1);
          memcpy (name, lower, len);
          name[len] = '\0';
        }

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug fortran/95826] ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
  2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
  2020-06-22 20:58 ` [Bug fortran/95826] " anlauf at gcc dot gnu.org
@ 2020-06-23 21:09 ` anlauf at gcc dot gnu.org
  2020-06-25 18:32 ` cvs-commit at gcc dot gnu.org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: anlauf at gcc dot gnu.org @ 2020-06-23 21:09 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

--- Comment #2 from anlauf at gcc dot gnu.org ---
Patch posted for review:

https://gcc.gnu.org/pipermail/fortran/2020-June/054582.html

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug fortran/95826] ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
  2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
  2020-06-22 20:58 ` [Bug fortran/95826] " anlauf at gcc dot gnu.org
  2020-06-23 21:09 ` anlauf at gcc dot gnu.org
@ 2020-06-25 18:32 ` cvs-commit at gcc dot gnu.org
  2020-06-26 19:07 ` cvs-commit at gcc dot gnu.org
  2020-06-27 13:11 ` anlauf at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-06-25 18:32 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Harald Anlauf <anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:35a335a159216548fc77263ac5df71ff29d3f448

commit r11-1666-g35a335a159216548fc77263ac5df71ff29d3f448
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Thu Jun 25 20:32:13 2020 +0200

    PR fortran/95826 - Buffer overflows with PDTs and long symbols

    With PDTs (parameterized derived types), name mangling results in variably
    long internal symbols.  Use a dynamic buffer instead of a fixed-size one.

    gcc/fortran/
            PR fortran/95826
            * decl.c (gfc_match_decl_type_spec): Replace a fixed size
            buffer by a pointer and reallocate if necessary.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug fortran/95826] ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
  2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
                   ` (2 preceding siblings ...)
  2020-06-25 18:32 ` cvs-commit at gcc dot gnu.org
@ 2020-06-26 19:07 ` cvs-commit at gcc dot gnu.org
  2020-06-27 13:11 ` anlauf at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-06-26 19:07 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Harald Anlauf
<anlauf@gcc.gnu.org>:

https://gcc.gnu.org/g:32613b6af830f12ee5b6ef97edd782666f47cbb8

commit r10-8375-g32613b6af830f12ee5b6ef97edd782666f47cbb8
Author: Harald Anlauf <anlauf@gmx.de>
Date:   Thu Jun 25 20:32:13 2020 +0200

    PR fortran/95826 - Buffer overflows with PDTs and long symbols

    With PDTs (parameterized derived types), name mangling results in variably
    long internal symbols.  Use a dynamic buffer instead of a fixed-size one.

    gcc/fortran/
            PR fortran/95826
            * decl.c (gfc_match_decl_type_spec): Replace a fixed size
            buffer by a pointer and reallocate if necessary.

    (cherry picked from commit 35a335a159216548fc77263ac5df71ff29d3f448)

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug fortran/95826] ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290
  2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
                   ` (3 preceding siblings ...)
  2020-06-26 19:07 ` cvs-commit at gcc dot gnu.org
@ 2020-06-27 13:11 ` anlauf at gcc dot gnu.org
  4 siblings, 0 replies; 6+ messages in thread
From: anlauf at gcc dot gnu.org @ 2020-06-27 13:11 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95826

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from anlauf at gcc dot gnu.org ---
Fixed on master for gcc-11 and on 10-branch.

Thanks for the report!

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-06-27 13:11 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-22 20:18 [Bug fortran/95826] New: ICE in gfc_match_decl_type_spec, at fortran/decl.c:4290 gscfq@t-online.de
2020-06-22 20:58 ` [Bug fortran/95826] " anlauf at gcc dot gnu.org
2020-06-23 21:09 ` anlauf at gcc dot gnu.org
2020-06-25 18:32 ` cvs-commit at gcc dot gnu.org
2020-06-26 19:07 ` cvs-commit at gcc dot gnu.org
2020-06-27 13:11 ` anlauf at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).