In next_char() of libgfortran/io/list_read.c, dtp->u.p.line_buffer_enabled is
not initialized properly and this may cause a segfault while accessing
dtp->u.p.line_buffer[dtp->u.p.item_count] even when dtp->u.p.linebuffer is NULL.  I
think it can be solved by initializing it in namelist_read() as follows.

Tested with gcc version 4.3.0 20071129 (experimental) (GCC) on Mac OS X 10.4.11
intel.


Index: libgfortran/io/list_read.c
===================================================================
--- libgfortran/io/list_read.c  (revision 130508)
+++ libgfortran/io/list_read.c  (working copy)
@@ -2646,6 +2646,7 @@
   dtp->u.p.namelist_mode = 1;
   dtp->u.p.input_complete = 0;
   dtp->u.p.expanded_read = 0;
+  dtp->u.p.line_buffer_enabled = 0;

   dtp->u.p.eof_jump = &eof_jump;
   if (setjmp (eof_jump))
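
Review bot: The added `dtp->u.p.line_buffer_enabled = 0;` clears only the flag, and only on the namelist_read() path, while the report says next_char() reads `dtp->u.p.line_buffer[dtp->u.p.item_count]` whenever the flag is set. Please confirm that no other caller of next_char() can reach it with this field still uninitialized, and consider whether `item_count` needs the same reset at this point, since it is used as the index. A NULL check on `line_buffer` in next_char() before the indexed read would also keep a stale flag from turning into a NULL dereference. The patch carries no testcase or ChangeLog entry; a small namelist read that triggers the crash without the fix would help confirm it.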


-- 
           Summary: Uninitialized variable is used in io/list_read.c which
                    causes segfault
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libfortran
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: ek dot kato at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34291