From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 9FA4E3858D28; Sun, 23 Jul 2023 19:12:31 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9FA4E3858D28
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1690139551;
	bh=AQGIJ7TXwLD6cP7P0Bi+fWjN01CB9ewKKCuWnQWqInI=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=DV7kxxHbyN8tcg2y4Iu20A+THdEiIKVa3ppr5rtqtOabJPo2ELIcxQ4mS2PzAhy4+
	 4nX7OsVu75rVHDyXtIw/5IqIyi0GBG1s8wXV9MpvWXXfKu3DdR/O92ZY+mp588kODT
	 6Sk7iH1BdoiyLzlRnKfkyAJ6lXCSs90bBOh+sIpc=
From: "anlauf at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug fortran/98433] double free detected in tcache 2, after merge of
 structures
Date: Sun, 23 Jul 2023 19:12:30 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: fortran
X-Bugzilla-Version: 9.3.0
X-Bugzilla-Keywords: wrong-code
X-Bugzilla-Severity: normal
X-Bugzilla-Who: anlauf at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P4
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords
Message-ID: <bug-98433-4-oTCp3MRkNI@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-98433-4@http.gcc.gnu.org/bugzilla/>
References: <bug-98433-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98433

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |wrong-code

--- Comment #8 from anlauf at gcc dot gnu.org ---
We are now generating a shallow copy instead of a deep copy for the line:

    x3 =3D merge(x1, x2, .false.)

This gives:

      {
        struct t D.4345;
        struct t D.4346;
        struct t D.4347;

        D.4345 =3D x1;
        D.4346 =3D x2;
        D.4347 =3D x3;
        x3 =3D D.4346;
        if ((real(kind=3D4)[0:] * restrict) D.4347.v.data !=3D 0B)
          {
            __builtin_free ((void *) D.4347.v.data);
            (real(kind=3D4)[0:] * restrict) D.4347.v.data =3D 0B;
          }
      }

while e.g. the assignment x3 =3D x2 produces:

...
        x3 =3D x2;
        if ((void *) x2.v.data !=3D 0B)
          {
            D.4346 =3D (x2.v.dim[0].ubound - x2.v.dim[0].lbound) + 1;
            D.4347 =3D NON_LVALUE_EXPR <D.4346>;
            D.4348 =3D (void * restrict) __builtin_malloc (MAX_EXPR <(unsig=
ned
long) (D.4347 * 4), 1>);
            x3.v.data =3D D.4348;
            __builtin_memcpy ((real(kind=3D4)[0:] * restrict) x3.v.data,
(real(kind=3D4)[0:] * restrict) x2.v.data, (unsigned long) (D.4347 * 4));
          }
        else
          {
            x3.v.data =3D 0B;
          }
...=