PR fortran/101514 - ICE: out of memory allocating 18446744073709551600 bytes

Message ID trinity-a62c83ab-cad5-4233-8f3f-364e6036e874-1626810554527@3c-app-gmx-bap54
State New
Headers show
Series
  • PR fortran/101514 - ICE: out of memory allocating 18446744073709551600 bytes
Related show

Commit Message

Ian Lance Taylor via Gcc-patches July 20, 2021, 7:49 p.m.
While investigating one of Gerhard's latest bug reports, which was almost
obvious to fix after a hint by Richard Biener, I found further variants of
valid and invalid code that lead to either NULL pointer dereferences or
similar OOM situations.

Regtested on x86_64-pc-linux-gnu.  OK for mainline / 11-branch?

Thanks,
Harald


Fortran: ICE, OOM while calculating sizes of derived type array components

gcc/fortran/ChangeLog:

	PR fortran/101514
	* target-memory.c (gfc_interpret_derived): Size of array component
	of derived type can only be computed here for explicit size.
	* trans-types.c (gfc_get_nodesc_array_type): Do not dereference
	NULL pointers.

gcc/testsuite/ChangeLog:

	PR fortran/101514
	* gfortran.dg/pr101514.f90: New test.

Comments

Tobias Burnus July 21, 2021, 4:45 p.m. | #1
On 20.07.21 21:49, Harald Anlauf via Gcc-patches wrote:

> While investigating one of Gerhard's latest bug reports, which was almost

> obvious to fix after a hint by Richard Biener, I found further variants of

> valid and invalid code that lead to either NULL pointer dereferences or

> similar OOM situations.

>

> Regtested on x86_64-pc-linux-gnu.  OK for mainline / 11-branch?


LGTM – thanks!

Tobias

> Fortran: ICE, OOM while calculating sizes of derived type array components

>

> gcc/fortran/ChangeLog:

>

>       PR fortran/101514

>       * target-memory.c (gfc_interpret_derived): Size of array component

>       of derived type can only be computed here for explicit size.

>       * trans-types.c (gfc_get_nodesc_array_type): Do not dereference

>       NULL pointers.

>

> gcc/testsuite/ChangeLog:

>

>       PR fortran/101514

>       * gfortran.dg/pr101514.f90: New test.

>

-----------------
Siemens Electronic Design Automation GmbH; Anschrift: Arnulfstraße 201, 80634 München; Gesellschaft mit beschränkter Haftung; Geschäftsführer: Thomas Heurung, Frank Thürauf; Sitz der Gesellschaft: München; Registergericht München, HRB 106955

Patch

diff --git a/gcc/fortran/target-memory.c b/gcc/fortran/target-memory.c
index cfa8402dd3f..7b21a9e04e8 100644
--- a/gcc/fortran/target-memory.c
+++ b/gcc/fortran/target-memory.c
@@ -534,6 +534,9 @@  gfc_interpret_derived (unsigned char *buffer, size_t buffer_size, gfc_expr *resu
 	{
 	  int n;

+	  if (cmp->as->type != AS_EXPLICIT)
+	    return 0;
+
 	  e->expr_type = EXPR_ARRAY;
 	  e->rank = cmp->as->rank;

diff --git a/gcc/fortran/trans-types.c b/gcc/fortran/trans-types.c
index d715838a046..50fda4328f7 100644
--- a/gcc/fortran/trans-types.c
+++ b/gcc/fortran/trans-types.c
@@ -1644,7 +1644,7 @@  gfc_get_nodesc_array_type (tree etype, gfc_array_spec * as, gfc_packed packed,
       GFC_TYPE_ARRAY_STRIDE (type, n) = tmp;

       expr = as->lower[n];
-      if (expr->expr_type == EXPR_CONSTANT)
+      if (expr && expr->expr_type == EXPR_CONSTANT)
         {
           tmp = gfc_conv_mpz_to_tree (expr->value.integer,
 				      gfc_index_integer_kind);
@@ -1694,7 +1694,7 @@  gfc_get_nodesc_array_type (tree etype, gfc_array_spec * as, gfc_packed packed,
   for (n = as->rank; n < as->rank + as->corank; n++)
     {
       expr = as->lower[n];
-      if (expr->expr_type == EXPR_CONSTANT)
+      if (expr && expr->expr_type == EXPR_CONSTANT)
 	tmp = gfc_conv_mpz_to_tree (expr->value.integer,
 				    gfc_index_integer_kind);
       else
diff --git a/gcc/testsuite/gfortran.dg/pr101514.f90 b/gcc/testsuite/gfortran.dg/pr101514.f90
new file mode 100644
index 00000000000..51fbf8a7e85
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr101514.f90
@@ -0,0 +1,35 @@ 
+! { dg-do compile }
+! PR fortran/101514 - ICE: out of memory allocating ... bytes
+
+subroutine s
+  type t1
+     integer :: a(..) ! { dg-error "must have an explicit shape" }
+  end type
+  type t2
+     integer :: a(*)  ! { dg-error "must have an explicit shape" }
+  end type
+  type t3
+     integer :: a(:)  ! { dg-error "must have an explicit shape" }
+  end type
+  type t4
+     integer :: a(0:) ! { dg-error "must have an explicit shape" }
+  end type
+  type t5
+     integer, allocatable :: a(:)
+  end type
+  type t6
+     integer, pointer     :: a(:)
+  end type
+  type(t1) :: a1
+  type(t2) :: a2
+  type(t3) :: a3
+  type(t4) :: a4
+  type(t5) :: a5
+  type(t6) :: a6
+  a1 = transfer(1, a1)
+  a2 = transfer(1, a2)
+  a3 = transfer(1, a3)
+  a4 = transfer(1, a4)
+  a5 = transfer(1, a5)
+  a6 = transfer(1, a6)
+end