[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-05 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #15 from anlauf at gcc dot gnu.org ---
Fixed on master for GCC-11, and backported to 10-branch and 9-branch.

Thanks for the report and assistance in pinpointing the origin of the problem!

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-05 Thread cvs-commit at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #14 from CVS Commits ---
The releases/gcc-9 branch has been updated by Harald Anlauf:

https://gcc.gnu.org/g:075bec57a1c63a1b1de9d95909866a6548380390

commit r9-8654-g075bec57a1c63a1b1de9d95909866a6548380390
Author: Harald Anlauf 
Date:   Fri Jun 5 20:30:34 2020 +0200

PR fortran/95530, PR fortran/95537 - Buffer overflows with long symbols

The testcases for PR95090 and PR95106 trigger buffer overflows with long
symbols that were found with an instrumented compiler.  Enlarge the
affected buffers, and add checks that the buffers will suffice.

2020-06-05  Harald Anlauf  

gcc/fortran/
PR fortran/95530
PR fortran/95537
* decl.c (gfc_match_decl_type_spec): Enlarge buffer, and enhance
string copy to detect buffer overflow.
* gfortran.h (gfc_common_head): Enlarge buffer.
* trans-common.c (finish_equivalences): Enhance string copy to
detect buffer overflow.

(cherry picked from commit bcd96c9cce962ca5b2c6f8459597fb759f945ccf)

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-05 Thread cvs-commit at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #13 from CVS Commits ---
The releases/gcc-10 branch has been updated by Harald Anlauf:

https://gcc.gnu.org/g:36442ee216acbe9a345ae625be53efbde8626477

commit r10-8254-g36442ee216acbe9a345ae625be53efbde8626477
Author: Harald Anlauf 
Date:   Fri Jun 5 20:30:34 2020 +0200

PR fortran/95530, PR fortran/95537 - Buffer overflows with long symbols

The testcases for PR95090 and PR95106 trigger buffer overflows with long
symbols that were found with an instrumented compiler.  Enlarge the
affected buffers, and add checks that the buffers will suffice.

2020-06-05  Harald Anlauf  

gcc/fortran/
PR fortran/95530
PR fortran/95537
* decl.c (gfc_match_decl_type_spec): Enlarge buffer, and enhance
string copy to detect buffer overflow.
* gfortran.h (gfc_common_head): Enlarge buffer.
* trans-common.c (finish_equivalences): Enhance string copy to
detect buffer overflow.

(cherry picked from commit bcd96c9cce962ca5b2c6f8459597fb759f945ccf)

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-05 Thread cvs-commit at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #12 from CVS Commits ---
The master branch has been updated by Harald Anlauf:

https://gcc.gnu.org/g:bcd96c9cce962ca5b2c6f8459597fb759f945ccf

commit r11-1009-gbcd96c9cce962ca5b2c6f8459597fb759f945ccf
Author: Harald Anlauf 
Date:   Fri Jun 5 20:30:34 2020 +0200

PR fortran/95530, PR fortran/95537 - Buffer overflows with long symbols

The testcases for PR95090 and PR95106 trigger buffer overflows with long
symbols that were found with an instrumented compiler.  Enlarge the
affected buffers, and add checks that the buffers will suffice.

2020-06-05  Harald Anlauf  

gcc/fortran/
PR fortran/95530
PR fortran/95537
* decl.c (gfc_match_decl_type_spec): Enlarge buffer, and enhance
string copy to detect buffer overflow.
* gfortran.h (gfc_common_head): Enlarge buffer.
* trans-common.c (finish_equivalences): Enhance string copy to
detect buffer overflow.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-05 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4

--- Comment #11 from anlauf at gcc dot gnu.org ---
Patch submitted for review:

https://gcc.gnu.org/pipermail/fortran/2020-June/054473.html

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #10 from Bill Seurer ---
The combined patch cleans up the ICEs for both issues.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #9 from anlauf at gcc dot gnu.org ---
Created attachment 48679
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48679=edit
Joint patch to fix the fallout reported in pr95530 and pr95537

Here's a clean patch that should fix the issues.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #8 from Bill Seurer ---
Oops, no, they are different.  But this one works.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #7 from Bill Seurer ---
The fortran.h patch (which looks to be the same one you asked about in pr95537)
works here:

make -k check-gcc-fortran RUNTESTFLAGS=dg.exp=gfortran.dg/equiv_11.f90

# of expected passes            3

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |anlauf at gcc dot gnu.org

--- Comment #6 from anlauf at gcc dot gnu.org ---
In addition to the patch in comment#5, we can "harden" the strcpy:

diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c
index 3775a8bea74..1acc336eacf 100644
--- a/gcc/fortran/trans-common.c
+++ b/gcc/fortran/trans-common.c
@@ -1314,7 +1314,11 @@ finish_equivalences (gfc_namespace *ns)
  c->where = ns->proc_name->declared_at;
else if (ns->is_block_data)
  c->where = ns->sym_root->n.sym->declared_at;
-   strcpy (c->name, z->module);
+
+   size_t len = strlen (z->module);
+   gcc_assert (len < sizeof (c->name));
+   memcpy (c->name, z->module, len);
+   c->name[len] = '\0';
  }
else
  c = NULL;
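
Review bot: the only guard in front of the memcpy is gcc_assert (len < sizeof (c->name)), so in any build where that assertion is not compiled in, the copy into c->name is unbounded again; an unconditional check that raises an internal error would keep the guarantee regardless of configuration. With the guard active, a z->module string longer than the buffer still stops the compiler, so this hunk fixes the testcase only together with the enlarged name field from comment #5. The separate terminator store can be folded into the copy with memcpy (c->name, z->module, len + 1).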

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

anlauf at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2020-06-04

--- Comment #5 from anlauf at gcc dot gnu.org ---
(In reply to Bill Seurer from comment #4)
> Note that I did this run on a power 9 LE system.

Well, that is already helpful.

Can you please try the following patch?

diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h
index 5af44847f9b..0ef7b1b0eff 100644
--- a/gcc/fortran/gfortran.h
+++ b/gcc/fortran/gfortran.h
@@ -1677,7 +1677,8 @@ typedef struct gfc_common_head
   char use_assoc, saved, threadprivate;
   unsigned char omp_declare_target : 1;
   unsigned char omp_declare_target_link : 1;
-  char name[GFC_MAX_SYMBOL_LEN + 1];
+  /* Provide sufficient space to hold "symbol.eq.1234567890".  */
+  char name[GFC_MAX_SYMBOL_LEN + 1 + 14];
   struct gfc_symbol *head;
   const char* binding_label;
   int is_bind_c;
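
Review bot: the 14 in name[GFC_MAX_SYMBOL_LEN + 1 + 14] is a magic number whose derivation exists only in the comment above it: ".eq." is 4 characters and "1234567890" is 10 digits. Deriving it in the declaration, for example sizeof (".eq.") - 1 plus a named constant for the digit count, would keep the size tied to the naming scheme, and the comment should say that the counter is assumed never to need more than 10 decimal digits. Any copy into this field that is sized from GFC_MAX_SYMBOL_LEN + 1 rather than sizeof (name) should be rechecked after the change.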

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #4 from Bill Seurer ---
Note that I did this run on a power 9 LE system.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #3 from Bill Seurer ---
The debug build did not ICE.

Going back to a normal build and running f951 in gdb I see:

(gdb) run /home/seurer/gcc/git/gcc-test/gcc/testsuite/gfortran.dg/equiv_11.f90
-quiet -dumpbase equiv_11.f90 -dumpbase-ext .f90 -mcpu=power9 -O -version
-fdiagnostics-color=never -fdiagnostics-urls=never -fno-diagnostics-show-caret
-fno-diagnostics-show-line-numbers -fdiagnostics-urls=never -fsecond-underscore
-ffat-lto-objects -fno-ident -o equiv_11.s -fintrinsic-modules-path finclude
Starting program: /home3/seurer/gcc/git/build/gcc-test/gcc/f951
/home/seurer/gcc/git/gcc-test/gcc/testsuite/gfortran.dg/equiv_11.f90 -quiet
-dumpbase equiv_11.f90 -dumpbase-ext .f90 -mcpu=power9 -O -version
-fdiagnostics-color=never -fdiagnostics-urls=never -fno-diagnostics-show-caret
-fno-diagnostics-show-line-numbers -fdiagnostics-urls=never -fsecond-underscore
-ffat-lto-objects -fno-ident -o equiv_11.s -fintrinsic-modules-path finclude
GNU Fortran (GCC) version 11.0.0 20200604 (experimental) [remotes/origin/HEAD
revision 0ddb93ce7:d48b471b9:7ece3bd8088983289731450826c238eb2bdd2db5]
(powerpc64le-unknown-linux-gnu)
compiled by GNU C version 7.4.0, GMP version 6.1.0, MPFR version 3.1.4,
MPC version 1.0.3, isl version isl-0.18-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
GNU Fortran2008 (GCC) version 11.0.0 20200604 (experimental)
[remotes/origin/HEAD revision
0ddb93ce7:d48b471b9:7ece3bd8088983289731450826c238eb2bdd2db5]
(powerpc64le-unknown-linux-gnu)
compiled by GNU C version 7.4.0, GMP version 6.1.0, MPFR version 3.1.4,
MPC version 1.0.3, isl version isl-0.18-GMP

GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
*** buffer overflow detected ***: /home3/seurer/gcc/git/build/gcc-test/gcc/f951
terminated

Program received signal SIGABRT, Aborted.
0x77bfe98c in __libc_signal_restore_set (set=0x7fffde38) at
../sysdeps/unix/sysv/linux/nptl-signals.h:80
80  ../sysdeps/unix/sysv/linux/nptl-signals.h: No such file or directory.
(gdb) where
#0  0x77bfe98c in __libc_signal_restore_set (set=0x7fffde38) at
../sysdeps/unix/sysv/linux/nptl-signals.h:80
#1  __GI_raise (sig=) at ../sysdeps/unix/sysv/linux/raise.c:48
#2  0x77c00be0 in __GI_abort () at abort.c:79
#3  0x77c508fc in __libc_message (action=,
fmt=) at ../sysdeps/posix/libc_fatal.c:181
#4  0x77d24d74 in __GI___fortify_fail_abort (need_backtrace=true,
msg=) at fortify_fail.c:33
#5  0x77d24e10 in __GI___fortify_fail (msg=) at
fortify_fail.c:44
#6  0x77d21680 in __GI___chk_fail () at chk_fail.c:28
#7  0x77d203e4 in __strcpy_chk (dest=0x12555724 "", src=0x75c402d0
"m2345678901234567890123456789012345678901234567890123456789_123.eq.0",
destlen=64) at strcpy_chk.c:30
#8  0x103d8654 in strcpy (__src=0x75c402d0
"m2345678901234567890123456789012345678901234567890123456789_123.eq.0",
__dest=) at
/usr/include/powerpc64le-linux-gnu/bits/string_fortified.h:90
#9  finish_equivalences (ns=0x125518b0) at
/home/seurer/gcc/git/gcc-test/gcc/fortran/trans-common.c:1317
#10 gfc_trans_common (ns=0x125518b0) at
/home/seurer/gcc/git/gcc-test/gcc/fortran/trans-common.c:1359
#11 0x103f25a0 in gfc_generate_module_vars (ns=0x125518b0) at
/home/seurer/gcc/git/gcc-test/gcc/fortran/trans-decl.c:5796
#12 0x103b049c in gfc_generate_module_code (ns=0x125518b0) at
/home/seurer/gcc/git/gcc-test/gcc/fortran/trans.c:2238
#13 0x10330874 in translate_all_program_units
(gfc_global_ns_list=0x125518b0) at
/home/seurer/gcc/git/gcc-test/gcc/fortran/parse.c:6293
#14 gfc_parse_file () at /home/seurer/gcc/git/gcc-test/gcc/fortran/parse.c:6545
#15 0x103a4120 in gfc_be_parse_file () at
/home/seurer/gcc/git/gcc-test/gcc/fortran/f95-lang.c:212
#16 0x10bdd974 in compile_file () at
/home/seurer/gcc/git/gcc-test/gcc/toplev.c:458
#17 0x10249b34 in do_compile () at
/home/seurer/gcc/git/gcc-test/gcc/toplev.c:2302
#18 toplev::main (this=0x7fffe896, argc=, argv=) at /home/seurer/gcc/git/gcc-test/gcc/toplev.c:2441
#19 0x1024c004 in main (argc=, argv=0x7fffecb8) at
/home/seurer/gcc/git/gcc-test/gcc/main.c:39
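
The size mismatch visible in frame #7 of the backtrace above (a "<symbol>.eq.<n>" source string copied into a destination with destlen=64), reproduced as an added C example that is not code from GCC or from this thread. MAX_SYMBOL_LEN = 63 is an assumption taken from destlen=64, the function names are hypothetical, and the symbol is constructed rather than taken from the testcase.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this example: 63, so MAX_SYMBOL_LEN + 1 == destlen=64.  */
#define MAX_SYMBOL_LEN 63

/* Bounded replacement for strcpy: copy SRC only if it and its NUL fit in
   DSTSIZE bytes.  Returns 0 on success, -1 (DST set to "") otherwise.  */
static int copy_name_checked (char *dst, size_t dstsize, const char *src)
{
  size_t len = strlen (src);
  if (len >= dstsize)
    {
      if (dstsize > 0)
        dst[0] = '\0';
      return -1;
    }
  memcpy (dst, src, len + 1);
  return 0;
}

/* Build a constructed "<symbol>.eq.<n>" name whose symbol part has SYMLEN
   characters and try to store it in a BUFSIZE-byte buffer.  Returns the
   stored length, or -1 if the checked copy rejected it.  */
static int store_equiv_name (size_t bufsize, size_t symlen, unsigned n)
{
  char sym[MAX_SYMBOL_LEN + 1], src[MAX_SYMBOL_LEN + 32];
  if (symlen > MAX_SYMBOL_LEN)
    symlen = MAX_SYMBOL_LEN;
  memset (sym, 'm', symlen);
  sym[symlen] = '\0';
  snprintf (src, sizeof src, "%s.eq.%u", sym, n);
  char *dst = malloc (bufsize ? bufsize : 1);
  if (dst == NULL)
    return -1;
  int stored = copy_name_checked (dst, bufsize, src) == 0 ? (int) strlen (dst) : -1;
  free (dst);
  return stored;
}

int main (void)
{
  /* Full-length symbol: rejected at 64 bytes, stored at 64 + 14 bytes.  */
  printf ("64-byte buffer: %d\n", store_equiv_name (MAX_SYMBOL_LEN + 1, 63, 0));
  printf ("78-byte buffer: %d\n", store_equiv_name (MAX_SYMBOL_LEN + 1 + 14, 63, 0));
  return 0;
}
```

Unlike the fortified strcpy in the trace, which aborts the process, the checked copy returns an error the caller can turn into a diagnostic.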

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread seurer at linux dot vnet.ibm.com
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #2 from Bill Seurer ---
The above is all the traceback a normal compiler build provided.  I will try
building a debug version.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread anlauf at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

--- Comment #1 from anlauf at gcc dot gnu.org ---
Are you able to produce a traceback?

valgrind unfortunately does not provide any hints.

[Bug fortran/95530] [11 regression] ICE in gfortran.dg/equiv_11.f90 after r11-594

2020-06-04 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95530

Richard Biener changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |11.0