diff mbox series

Do not dereference NULL pointer in resolve_ref (PR fortran/89185).

Message ID 96183fe7-a1a0-86ee-9230-71cc2795ae9a@suse.cz
State New
Headers show
Series Do not dereference NULL pointer in resolve_ref (PR fortran/89185). | expand

Commit Message

Martin Liška Feb. 4, 2019, 12:45 p.m. UTC 
Hi.

In r268092 there was added a code that guard the loop
in resolve_ref. Unfortunately, one needs to prevent execution
of 'prev = &(*prev)->next' that happens before the loop guard check.

Patch can bootstrap on x86_64-linux-gnu and survives regression tests.

Ready to be installed?
Thanks,
Martin

gcc/fortran/ChangeLog:

2019-02-04  Martin Liska  <mliska@suse.cz>

	PR fortran/89185
	* resolve.c (resolve_ref): Remove breakout variable as
	we need to prevent prev = &(*prev)->next to happen
	with *prev == NULL.
---
 gcc/fortran/resolve.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

Comments

Thomas König Feb. 4, 2019, 1:22 p.m. UTC | #1 
Hi Martin,

> Patch can bootstrap on x86_64-linux-gnu and survives regression tests.
> 
> Ready to be installed?
> Thanks,
> Martin

Ok. Thanks for the very quick fix!

Regards

Thomas
diff mbox series

Patch

diff --git a/gcc/fortran/resolve.c b/gcc/fortran/resolve.c
index 5e95777af55..92d27fc7632 100644
--- a/gcc/fortran/resolve.c
+++ b/gcc/fortran/resolve.c
@@ -5046,7 +5046,6 @@  resolve_ref (gfc_expr *expr)
   int current_part_dimension, n_components, seen_part_dimension;
   gfc_ref *ref, **prev;
   bool equal_length;
-  bool breakout;
 
   for (ref = expr->ref; ref; ref = ref->next)
     if (ref->type == REF_ARRAY && ref->u.ar.as == NULL)
@@ -5055,8 +5054,8 @@  resolve_ref (gfc_expr *expr)
 	break;
       }
 
-  breakout = false;
-  for (prev = &expr->ref; !breakout && *prev != NULL; prev = &(*prev)->next)
+  for (prev = &expr->ref; *prev != NULL;
+       prev = *prev == NULL ? prev : &(*prev)->next)
     switch ((*prev)->type)
       {
       case REF_ARRAY:
@@ -5082,8 +5081,6 @@  resolve_ref (gfc_expr *expr)
 	    expr->ts.u.cl = ref->u.ss.length;
 	    ref->u.ss.length = NULL;
 	    gfc_free_ref_list (ref);
-	    if (*prev == NULL)
-	      breakout = true;
 	  }
 	break;
       }