https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99307

Tobias Burnus <burnus at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |burnus at gcc dot gnu.org

--- Comment #4 from Tobias Burnus <burnus at gcc dot gnu.org> ---
(In reply to Dominique d'Humieres from comment #1)
> Reduced test

While -fsanitize=address,undefined does not find anything on x86_64-gnu-linux,
I do see with valgrind:

==98347== Invalid write of size 8
==98347==    at 0x40397E: test_t1_ (ijd.f90:43)
==98347==    by 0x403A4E: MAIN__ (ijd.f90:60)
==98347==    by 0x403A85: main (ijd.f90:61)
==98347==  Address 0x4f55c98 is 8 bytes inside a block of size 12 alloc'd
==98347==    at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==98347==    by 0x402A6D: test_t1_ (ijd.f90:40)
==98347==    by 0x403A4E: MAIN__ (ijd.f90:60)
==98347==    by 0x403A85: main (ijd.f90:61)

That's:
  x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)]
  y = x
  x = realloc_t1 (y) ! <<< line 40, 8 bytes alloc'd inside block of size 12
  x = realloc_t1 (x)
  x = x(3:1:-1) + y
  x = [t2(1,10.0),t2(2,20.0),t2(3,30.0)] ! <<< line 43, invalid write of size 8

Looking at the Fortran code,
  x and y have the dynamic type T2 until 'realloc_t1', which turns this into
the dynamic type T1.

In the last line (line 43), the dynamic type changes again to T2.

In terms of memory usage: 3*8bytes before the first realloc_t1 call, then
3*4bytes and for the last line again 3*8bytes.

 * * *

It seems as if the reallocation does not work properly if the dynamic type
changes – at least not if the required size increased in the assignment. (The
valgrind message implies that shrinking did work in line 40.)
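
The size arithmetic from the comment above, as an added C model (not part of the original comment and not GCC code): it shows why an 8-byte store lands "8 bytes inside a block of size 12", and an assignment that resizes whenever the byte size changes. The names `poly_array`, `first_oob_offset`, `assign` and `replay` are hypothetical; the element sizes 8 (T2) and 4 (T1) are taken from the comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: block size depends on the dynamic type's element size. */
struct poly_array {
    void  *data;
    size_t count;      /* number of elements */
    size_t elem_size;  /* size of the current dynamic type */
};

/* Offset of the first element store that runs past block_bytes, or -1. */
long first_oob_offset(size_t block_bytes, size_t elem_size, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if ((i + 1) * elem_size > block_bytes)
            return (long)(i * elem_size);
    return -1;
}

/* Assignment that resizes when the required byte size changes, including
   when only elem_size (the dynamic type) changes. Returns 0 on success. */
int assign(struct poly_array *lhs, const void *src, size_t count, size_t elem_size)
{
    size_t need = count * elem_size;
    if (need != lhs->count * lhs->elem_size) {
        void *p = realloc(lhs->data, need);
        if (p == NULL)
            return -1;
        lhs->data = p;
    }
    memcpy(lhs->data, src, need);
    lhs->count = count;
    lhs->elem_size = elem_size;
    return 0;
}

/* Replays the sizes from the comment: 3*8 bytes, then 3*4, then 3*8 again. */
int replay(void)
{
    unsigned char t2[24] = {0}, t1[12] = {0};   /* constructed sample data */
    struct poly_array x = {NULL, 0, 0};
    int rc = assign(&x, t2, 3, 8) || assign(&x, t1, 3, 4) || assign(&x, t2, 3, 8);
    int ok = !rc && x.count * x.elem_size == 24;
    free(x.data);
    return ok ? 0 : -1;
}

int main(void)
{
    printf("first out-of-bounds store: offset %ld\n", first_oob_offset(12, 8, 3));
    return replay();
}
```
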
