https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65173
--- Comment #7 from Dominique d'Humieres <dominiq at lps dot ens.fr> --- Compiling the test in comment 0 with and instrumented gfortran I get pr65173.f90:7:45: real*8, dimension(256), allocatable :: x 1 Error: Allocatable component of structure at (1) must have a deferred shape pr65173.f90:8:52: real*8, dimension(2,256), allocatable :: bounds 1 Error: Allocatable component of structure at (1) must have a deferred shape pr65173.f90:9:67: character(string_length), dimension(256), allocatable :: names 1 Error: Allocatable component of structure at (1) must have a deferred shape pr65173.f90:13:28: character(*), dimension(), parameter :: char_params = ['element','parametrization'] 1 Error: Expected expression in array specification at (1) ================================================================= ==23996==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000bf10 at pc 0x0001002a2d95 bp 0x7fff5fbfe830 sp 0x7fff5fbfe828 READ of size 8 at 0x60400000bf10 thread T0 #0 0x1002a2d94 in resolve_component(gfc_component*, gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2d94) #1 0x1002a5440 in resolve_fl_derived0(gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a5440) #2 0x1002a61bd in resolve_fl_derived(gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a61bd) #3 0x1002966c8 in resolve_symbol(gfc_symbol*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002966c8) #4 0x10032dacc in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*), void (*)(gfc_symbol*)) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10032dacc) #5 0x100345881 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*)) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100345881) #6 0x1002d51ed in resolve_types(gfc_namespace*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002d51ed) #7 0x100293315 in gfc_resolve(gfc_namespace*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100293315) #8 0x100223cdc in resolve_all_program_units(gfc_namespace*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100223cdc) #9 0x10023e38e in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e38e) #10 0x10038020a in gfc_be_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a) #11 0x103bf0124 in compile_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124) #12 0x103bf92ee in do_compile() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee) #13 0x10568dc2f in toplev::main(int, char**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f) #14 0x105692be5 in main (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5) #15 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254) #16 0xd (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd) 0x60400000bf10 is located 0 bytes inside of 48-byte region [0x60400000bf10,0x60400000bf40) freed by thread T0 here: #0 0x15078e690 in wrap_free.part.0 (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x53690) #1 0x1003446ba in gfc_free_charlen(gfc_charlen*, gfc_charlen*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1003446ba) #2 0x10022400d in reject_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10022400d) #3 0x100224373 in match_word(char const*, match (*)(), locus*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224373) #4 0x1002322bd in decode_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd) #5 0x10023427b in next_free() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b) #6 0x100234af9 in next_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9) #7 0x10023679d in parse_derived() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d) #8 0x100238b9b in parse_spec(gfc_statement) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b) #9 0x10023c78b in parse_progunit(gfc_statement) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b) #10 0x10023e350 in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350) #11 0x10038020a in gfc_be_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10038020a) #12 0x103bf0124 in compile_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf0124) #13 0x103bf92ee in do_compile() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x103bf92ee) #14 0x10568dc2f in toplev::main(int, char**) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10568dc2f) #15 0x105692be5 in main (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x105692be5) #16 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254) #17 0xd (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd) previously allocated by thread T0 here: #0 0x15078da49 in wrap_calloc (/opt/gcc/gcc7a/lib/libasan.3.dylib+0x52a49) #1 0x1054f169b in xcalloc (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1054f169b) #2 0x100342918 in gfc_new_charlen(gfc_namespace*, gfc_charlen*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100342918) #3 0x100091190 in gfc_match_char_spec(gfc_typespec*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100091190) #4 0x1000a25d8 in gfc_match_decl_type_spec(gfc_typespec*, int) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000a25d8) #5 0x1000adef4 in gfc_match_data_decl() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1000adef4) #6 0x100224306 in match_word(char const*, match (*)(), locus*) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100224306) #7 0x1002322bd in decode_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002322bd) #8 0x10023427b in next_free() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023427b) #9 0x100234af9 in next_statement() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100234af9) #10 0x10023679d in parse_derived() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023679d) #11 0x100238b9b in parse_spec(gfc_statement) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x100238b9b) #12 0x10023c78b in parse_progunit(gfc_statement) (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023c78b) #13 0x10023e350 in gfc_parse_file() (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x10023e350) #19 0x7fffe8d83254 in start (/usr/lib/system/libdyld.dylib+0x5254) #20 0xd (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0xd) SUMMARY: AddressSanitizer: heap-use-after-free (/opt/gcc/gcc7g/libexec/gcc/x86_64-apple-darwin15.6.0/7.0.0/f951+0x1002a2d94) in resolve_component(gfc_component*, gfc_symbol*) Shadow bytes around the buggy address: 0x1c0800001790: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa 0x1c08000017a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd 0x1c08000017b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd 0x1c08000017c0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd 0x1c08000017d0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa =>0x1c08000017e0: fa fa[fd]fd fd fd fd fd fa fa fd fd fd fd fd fa 0x1c08000017f0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd 0x1c0800001800: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd 0x1c0800001810: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa 0x1c0800001820: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa 0x1c0800001830: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==23996==ABORTING f951: internal compiler error: Abort trap: 6 gfcg: internal compiler error: Abort trap: 6 (program f951) Please submit a full bug report, with preprocessed source if appropriate. See <http://gcc.gnu.org/bugs.html> for instructions.