https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105230
kargl at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-04-11
                 CC|                            |kargl at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from kargl at gcc dot gnu.org ---
Started with 22015e77d3e4. I cannot work out the logic here in
expr.cc:1595-1603

      if ((begin && begin->expr_type != EXPR_CONSTANT)
          || (finish && finish->expr_type != EXPR_CONSTANT)
          || (step && step->expr_type != EXPR_CONSTANT)
          || (!begin && !lower)
          || (!finish && !upper))
        {
          t = false;
          goto cleanup;
        }

upper is NULL and later in 1634 it is dereferenced. This patch fixes the
problem, but the above logic likely needs fixing.

diff --git a/gcc/fortran/expr.cc b/gcc/fortran/expr.cc index 86d61fed302..4fcdf009b4b 100644 --- a/gcc/fortran/expr.cc +++ b/gcc/fortran/expr.cc @@ -1630,6 +1630,11 @@ find_array_section (gfc_expr *expr, gfc_ref *ref) if (ref->u.ar.dimen_type[d] == DIMEN_ELEMENT) mpz_set (end [d], begin->value.integer); + if (!upper || !lower) + { + t = false; + goto cleanup; + } /* Check the bounds. */ if (mpz_cmp (ctr[d], upper->value.integer) > 0 || mpz_cmp (end[d], upper->value.integer) > 0
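Review bot: The added `if (!upper || !lower)` guard in find_array_section, placed just before the "Check the bounds" comparison, is a second bail-out that is stricter than the earlier condition quoted from expr.cc:1595-1603, which only rejects a NULL `upper` when `finish` is also NULL (`(!finish && !upper)`). That leaves two tests that disagree about when a missing bound is acceptable. If the bounds check always dereferences `upper->value.integer`, it would be cleaner to tighten the earlier condition so the function takes the `t = false; goto cleanup;` path there, instead of bailing out after `mpz_set (end [d], begin->value.integer)` has already run. If a NULL bound is legitimate when `begin` and `finish` are constants, this guard now rejects sections that were previously simplified, and it would be better to skip only the comparisons that need the missing bound. Either way, the guard should carry a short comment saying why `upper` or `lower` can be NULL at this point, and the change should come with a regression test for this PR.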