https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82721

Vittorio Zecca <zeccav at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zeccav at gmail dot com

--- Comment #13 from Vittorio Zecca <zeccav at gmail dot com> ---
On my sanitized trunk version I get the following.
This is on x86-64 Fedora 33 and line numbers
~/local/gcc-150221-sanitized/bin/gfortran z82721.f90 -S
z82721.f90:3:25:

    3 |    character(len(c)) :: b
      |                         1
Error: Symbol ‘b’ at (1) already has basic type of REAL
=================================================================
==147959==ERROR: AddressSanitizer: heap-use-after-free on address
0x6040000017f8 at pc 0x0000008b02df bp 0x7fffc363cef0 sp 0x7fffc363cee8
READ of size 8 at 0x6040000017f8 thread T0
    #0 0x8b02de in check_host_association
../../gcc-150221/gcc/fortran/resolve.c:5978
    #1 0x8c1b4b in gfc_resolve_expr(gfc_expr*)
../../gcc-150221/gcc/fortran/resolve.c:7096
    #2 0x91d1bf in resolve_index_expr
../../gcc-150221/gcc/fortran/resolve.c:12406
    #3 0x91d79f in resolve_charlen ../../gcc-150221/gcc/fortran/resolve.c:12459
    #4 0x96f604 in resolve_types ../../gcc-150221/gcc/fortran/resolve.c:17294
    #5 0x970adf in gfc_resolve(gfc_namespace*)
../../gcc-150221/gcc/fortran/resolve.c:17411
    #6 0x81fc90 in resolve_all_program_units
../../gcc-150221/gcc/fortran/parse.c:6290
    #7 0x82229f in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6542
    #8 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212
    #9 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
    #10 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #11 0x340a39f in toplev::main(int, char**)
../../gcc-150221/gcc/toplev.c:2336
    #12 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
    #13 0x147bdbb291e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)
    #14 0x41958d in _start
(/home/vitti/1TB/local/gcc-150221-sanitized/libexec/gcc/x86_64-pc-linux-gnu/11.0.0/f951+0x41958d)

0x6040000017f8 is located 40 bytes inside of 48-byte region
[0x6040000017d0,0x604000001800)
freed by thread T0 here:
    #0 0x147bdca7b797 in __interceptor_free
../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0xa1cd6f in gfc_delete_symtree(gfc_symtree**, char const*)
../../gcc-150221/gcc/fortran/symbol.c:2964
    #2 0xa25801 in gfc_restore_last_undo_checkpoint()
../../gcc-150221/gcc/fortran/symbol.c:3706
    #3 0xa25a5f in gfc_undo_symbols()
../../gcc-150221/gcc/fortran/symbol.c:3739
    #4 0x80175f in reject_statement ../../gcc-150221/gcc/fortran/parse.c:2678
    #5 0x7f2bb0 in match_word ../../gcc-150221/gcc/fortran/parse.c:70
    #6 0x7f445d in decode_statement ../../gcc-150221/gcc/fortran/parse.c:376
    #7 0x7fd6c8 in next_free ../../gcc-150221/gcc/fortran/parse.c:1316
    #8 0x7fe845 in next_statement ../../gcc-150221/gcc/fortran/parse.c:1548
    #9 0x80cb86 in parse_spec ../../gcc-150221/gcc/fortran/parse.c:3967
    #10 0x81bef7 in parse_progunit ../../gcc-150221/gcc/fortran/parse.c:5896
    #11 0x821732 in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6437
    #12 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212
    #13 0x33fa43d in compile_file ../../gcc-150221/gcc/toplev.c:457
    #14 0x34097a2 in do_compile ../../gcc-150221/gcc/toplev.c:2197
    #15 0x340a39f in toplev::main(int, char**)
../../gcc-150221/gcc/toplev.c:2336
    #16 0x7f24cb9 in main ../../gcc-150221/gcc/main.c:39
    #17 0x147bdbb291e1 in __libc_start_main (/usr/lib64/libc.so.6+0x281e1)

previously allocated by thread T0 here:
    #0 0x147bdca7bc47 in __interceptor_calloc
../../../../gcc-150221/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x83c3e31 in xcalloc ../../gcc-150221/libiberty/xmalloc.c:162
    #2 0xa1cade in gfc_new_symtree(gfc_symtree**, char const*)
../../gcc-150221/gcc/fortran/symbol.c:2934
    #3 0xa20eed in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**,
bool) ../../gcc-150221/gcc/fortran/symbol.c:3384
    #4 0xa21e11 in gfc_get_ha_sym_tree(char const*, gfc_symtree**)
../../gcc-150221/gcc/fortran/symbol.c:3469
    #5 0x846df0 in gfc_match_rvalue(gfc_expr**)
../../gcc-150221/gcc/fortran/primary.c:3512
    #6 0x7191c4 in match_primary ../../gcc-150221/gcc/fortran/matchexp.c:157
    #7 0x7194a7 in match_level_1 ../../gcc-150221/gcc/fortran/matchexp.c:211
    #8 0x719832 in match_mult_operand
../../gcc-150221/gcc/fortran/matchexp.c:267
    #9 0x71a031 in match_add_operand
../../gcc-150221/gcc/fortran/matchexp.c:356
    #10 0x71a9bd in match_level_2 ../../gcc-150221/gcc/fortran/matchexp.c:480
    #11 0x71af3e in match_level_3 ../../gcc-150221/gcc/fortran/matchexp.c:551
    #12 0x71b368 in match_level_4 ../../gcc-150221/gcc/fortran/matchexp.c:599
    #13 0x71c2f7 in match_and_operand
../../gcc-150221/gcc/fortran/matchexp.c:693
    #14 0x71c5b1 in match_or_operand
../../gcc-150221/gcc/fortran/matchexp.c:722
    #15 0x71c9c2 in match_equiv_operand
../../gcc-150221/gcc/fortran/matchexp.c:765
    #16 0x71cdd3 in match_level_5 ../../gcc-150221/gcc/fortran/matchexp.c:811
    #17 0x71d283 in gfc_match_expr(gfc_expr**)
../../gcc-150221/gcc/fortran/matchexp.c:870
    #18 0x4f8e6b in char_len_param_value
../../gcc-150221/gcc/fortran/decl.c:1072
    #19 0x515d15 in gfc_match_char_spec(gfc_typespec*)
../../gcc-150221/gcc/fortran/decl.c:3431
    #20 0x51f4a7 in gfc_match_decl_type_spec(gfc_typespec*, int)
../../gcc-150221/gcc/fortran/decl.c:4172
    #21 0x52b904 in gfc_match_data_decl()
../../gcc-150221/gcc/fortran/decl.c:6132
    #22 0x7f2b01 in match_word ../../gcc-150221/gcc/fortran/parse.c:65
    #23 0x7f445d in decode_statement ../../gcc-150221/gcc/fortran/parse.c:376
    #24 0x7fd6c8 in next_free ../../gcc-150221/gcc/fortran/parse.c:1316
    #25 0x7fe845 in next_statement ../../gcc-150221/gcc/fortran/parse.c:1548
    #26 0x80cb86 in parse_spec ../../gcc-150221/gcc/fortran/parse.c:3967
    #27 0x81bef7 in parse_progunit ../../gcc-150221/gcc/fortran/parse.c:5896
    #28 0x821732 in gfc_parse_file() ../../gcc-150221/gcc/fortran/parse.c:6437
    #29 0xa64b7c in gfc_be_parse_file
../../gcc-150221/gcc/fortran/f95-lang.c:212

SUMMARY: AddressSanitizer: heap-use-after-free
../../gcc-150221/gcc/fortran/resolve.c:5978 in check_host_association
Shadow bytes around the buggy address:
  0x0c087fff82a0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c087fff82b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff82c0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff82d0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x0c087fff82e0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
=>0x0c087fff82f0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd[fd]
  0x0c087fff8300: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fd
  0x0c087fff8310: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fa
  0x0c087fff8320: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c087fff8330: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c087fff8340: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==147959==ABORTING