PR fortran/104573 - ICE in resolve_structure_cons, at fortran/resolve.cc:1299

Message ID trinity-447b5aad-73a7-403c-9cb3-1dac18f13b6c-1645046402715@3c-app-gmx-bap59
State New

Commit Message

Harald Anlauf Feb. 16, 2022, 9:20 p.m. UTC
  Dear Fortranners,

while we detect invalid uses of type(*), we may run into other issues
later when the declared variable is used, leading to an ICE due to a
NULL pointer dereference.  This is demonstrated by Gerhard's testcase.

Steve and I came to rather similar fixes, see PR.  Mine is attached.

Regtested on x86_64-pc-linux-gnu.  OK for mainline?

Thanks,
Harald
  

Comments

Harald Anlauf Feb. 23, 2022, 10:35 p.m. UTC | #1
On 16.02.22 at 22:20, Harald Anlauf via Gcc-patches wrote:
> Dear Fortranners,
>
> while we detect invalid uses of type(*), we may run into other issues
> later when the declared variable is used, leading to an ICE due to a
> NULL pointer dereference.  This is demonstrated by Gerhard's testcase.
>
> Steve and I came to rather similar fixes, see PR.  Mine is attached.
>
> Regtested on x86_64-pc-linux-gnu.  OK for mainline?
>
> Thanks,
> Harald
>
  
Mikael Morin Feb. 28, 2022, 9:32 p.m. UTC | #2
On 16/02/2022 at 22:20, Harald Anlauf via Fortran wrote:
> Dear Fortranners,
> 
> while we detect invalid uses of type(*), we may run into other issues
> later when the declared variable is used, leading to an ICE due to a
> NULL pointer dereference.  This is demonstrated by Gerhard's testcase.
> 
> Steve and I came to rather similar fixes, see PR.  Mine is attached.
> 
> Regtested on x86_64-pc-linux-gnu.  OK for mainline?
> 
> Thanks,
> Harald
> 

> diff --git a/gcc/fortran/resolve.cc b/gcc/fortran/resolve.cc
> index 266e41e25b1..2fa1acdbd6d 100644
> --- a/gcc/fortran/resolve.cc
> +++ b/gcc/fortran/resolve.cc
> @@ -1288,15 +1288,17 @@ resolve_structure_cons (gfc_expr *expr, int init)
>  	}
>      }
> 
> -  cons = gfc_constructor_first (expr->value.constructor);
> -
>    /* A constructor may have references if it is the result of substituting a
>       parameter variable.  In this case we just pull out the component we
>       want.  */
>    if (expr->ref)
>      comp = expr->ref->u.c.sym->components;
> -  else
> +  else if (expr->ts.u.derived)
>      comp = expr->ts.u.derived->components;
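
Review bot: in the unchanged `if (expr->ref)` branch of this hunk, `expr->ref->u.c.sym->components` reads through `u.c` and dereferences `sym` without any check on what kind of reference `expr->ref` is, which is the same pattern the new `else if` is meant to tighten. If the first reference is always a component reference at this point, an assert stating that would record the assumption; otherwise this branch wants a guard of its own.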

These unprotected union accesses always make me nervous.
I have tried (hard) to exhibit a case not fixed by your patch,
and I have found the case below that almost qualifies, except that there 
is an ICE before anything can happen.
With a minor tweak to prevent the ICE, the problem does appear.

program p
   type t
     integer :: a
   end type
   character(3), parameter :: x = t(2)
   character(3), parameter :: y = x
   print *, y
end

In that case the character length information occupies the same space as 
a derived type symbol; the else-if condition evaluates to true, and 
everything breaks from there.

So please use a condition on expr->ts.type instead.
I think the relevant values associated with ts->u.derived are 
BT_DERIVED, BT_CLASS and BT_UNION.

OK with that change.

Thanks, and sorry for the time I took before looking at it.
  
Mikael Morin Feb. 28, 2022, 9:38 p.m. UTC | #3
On 28/02/2022 at 22:32, Mikael Morin wrote:
> So please use a condition on expr->ts.type instead.
>
I said «instead», but «as well» is more appropriate; both expr.ts.type
and expr.ts.u.derived conditions are probably necessary.
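
The point made in comments #2 and #3, as an added C example that is not part of the thread or of GCC: `typespec`, `derived_sym`, `charlen` and both guard functions are simplified, hypothetical stand-ins, and the sample values are constructed. It shows a pointer-only guard accepting a character typespec, and the combined type-and-pointer guard rejecting it.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins for illustration; these are not GCC's definitions. */
typedef enum { BT_CHARACTER, BT_DERIVED, BT_CLASS, BT_UNION } basic_type;
struct component { const char *name; struct component *next; };
struct derived_sym { struct component *components; };
struct charlen { int length; };

typedef struct {
  basic_type type;                /* discriminant: which member of u is live */
  union {
    struct derived_sym *derived;  /* live for BT_DERIVED, BT_CLASS, BT_UNION */
    struct charlen *cl;           /* live for BT_CHARACTER */
  } u;
} typespec;

/* Guard in the shape of the posted patch: tests the pointer only. */
static bool guard_pointer_only (const typespec *ts)
{
  return ts->u.derived != NULL;
}

/* Guard in the shape asked for in review: discriminant first, then pointer. */
static bool guard_type_and_pointer (const typespec *ts)
{
  return (ts->type == BT_DERIVED || ts->type == BT_CLASS
          || ts->type == BT_UNION) && ts->u.derived != NULL;
}

/* Component list, or NULL when the typespec carries no derived symbol. */
static struct component *components_of (const typespec *ts)
{
  return guard_type_and_pointer (ts) ? ts->u.derived->components : NULL;
}

/* Constructed sample values. */
struct charlen sample_len = { 3 };
struct component sample_comp = { "a", NULL };
struct derived_sym sample_sym = { &sample_comp };
const typespec char_ts = { BT_CHARACTER, { .cl = &sample_len } };
const typespec derived_ts = { BT_DERIVED, { .derived = &sample_sym } };
const typespec no_sym_ts = { BT_DERIVED, { .derived = NULL } };

int main (void)
{
  /* Exit 0: pointer-only guard passes on character data, checked lookup refuses it. */
  return guard_pointer_only (&char_ts) && components_of (&char_ts) == NULL ? 0 : 1;
}
```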
  

Patch

From 01d629506edca711f02912e2cc124f8894cfa389 Mon Sep 17 00:00:00 2001
From: Harald Anlauf <anlauf@gmx.de>
Date: Wed, 16 Feb 2022 22:13:02 +0100
Subject: [PATCH] Fortran: error recovery after invalid assumed type
 declaration

gcc/fortran/ChangeLog:

	PR fortran/104573
	* resolve.cc (resolve_structure_cons): Avoid NULL pointer
	dereference when there is no valid component.

gcc/testsuite/ChangeLog:

	PR fortran/104573
	* gfortran.dg/assumed_type_14.f90: New test.
---
 gcc/fortran/resolve.cc                        |  8 +++++---
 gcc/testsuite/gfortran.dg/assumed_type_14.f90 | 12 ++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gfortran.dg/assumed_type_14.f90

diff --git a/gcc/fortran/resolve.cc b/gcc/fortran/resolve.cc
index 266e41e25b1..2fa1acdbd6d 100644
--- a/gcc/fortran/resolve.cc
+++ b/gcc/fortran/resolve.cc
@@ -1288,15 +1288,17 @@  resolve_structure_cons (gfc_expr *expr, int init)
 	}
     }

-  cons = gfc_constructor_first (expr->value.constructor);
-
   /* A constructor may have references if it is the result of substituting a
      parameter variable.  In this case we just pull out the component we
      want.  */
   if (expr->ref)
     comp = expr->ref->u.c.sym->components;
-  else
+  else if (expr->ts.u.derived)
     comp = expr->ts.u.derived->components;
+  else
+    return false;
+
+  cons = gfc_constructor_first (expr->value.constructor);

   for (; comp && cons; comp = comp->next, cons = gfc_constructor_next (cons))
     {
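
Review bot: the new `else if (expr->ts.u.derived)` decides on a union member alone, so a typespec whose `u` holds something other than a derived-type symbol passes the test and `expr->ts.u.derived->components` is then read from the wrong object; comment #2 gives a character parameter as the case, where the length information shares that storage. Test `expr->ts.type` for BT_DERIVED, BT_CLASS or BT_UNION together with the pointer check, as comments #2 and #3 ask. The bare `return false;` could also carry a short comment saying that the error was reported earlier, since nothing is diagnosed at this point.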
diff --git a/gcc/testsuite/gfortran.dg/assumed_type_14.f90 b/gcc/testsuite/gfortran.dg/assumed_type_14.f90
new file mode 100644
index 00000000000..6cfe2e4fb73
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/assumed_type_14.f90
@@ -0,0 +1,12 @@ 
+! { dg-do compile }
+! PR fortran/104573 - ICE in resolve_structure_cons
+! Contributed by G.Steinmetz
+
+program p
+  type t
+  end type
+  type(*), parameter :: x = t() ! { dg-error "Assumed type of variable" }
+  print *, x
+end
+
+! { dg-prune-output "Cannot convert" }
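
Review bot: `dg-prune-output "Cannot convert"` at the end of the test discards the follow-up diagnostic instead of checking it, so the test pins only the "Assumed type of variable" error and the absence of an ICE. If the "Cannot convert" message is a stable part of error recovery for this declaration, expecting it with a `dg-error` would catch changes on that path; if it is incidental, a one-line comment in the test saying so would help the next reader.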
--
2.34.1