From patchwork Thu Feb 18 21:12:21 2021
X-Patchwork-Submitter: Harald Anlauf
X-Patchwork-Id: 1441888
To: fortran , gcc-patches
Subject: [PATCH] PR fortran/99147 - Sanitizer detects heap-use-after-free in gfc_add_flavor
Date: Thu, 18 Feb 2021 22:12:21 +0100
List-Id: Gcc-patches mailing list
X-Patchwork-Original-From: Harald Anlauf via
Gcc-patches
From: Harald Anlauf
Reply-To: Harald Anlauf
Errors-To: gcc-patches-bounces@gcc.gnu.org
Sender: "Gcc-patches"

Dear all,

the PR reports an issue detected with an ASAN instrumented compiler, which can also be verified with valgrind. It appears that the state of gfc_new_block could be such that it should not be dereferenced. Reversing the order of condition evaluation helped.

I failed to find out why this should happen, but then other places in the code put dereferences of gfc_new_block behind other checks. Simple things like initializing gfc_new_block with NULL in decl.c did not help.

Regtested on x86_64-pc-linux-gnu. No testcase added since the issue can be found only with an instrumented compiler or valgrind.

I consider the patch to be obvious and trivial, but post it here in case somebody wants to dig deeper.

OK for master?

Thanks,
Harald

PR fortran/99147 - Sanitizer detects heap-use-after-free in gfc_add_flavor

Reverse order of conditions to avoid invalid read.

gcc/fortran/ChangeLog:

* symbol.c (gfc_add_flavor): Reverse order of conditions.

diff --git a/gcc/fortran/symbol.c b/gcc/fortran/symbol.c index 3b988d1be22..e982374d9d1 100644 --- a/gcc/fortran/symbol.c +++ b/gcc/fortran/symbol.c @@ -1772,8 +1772,8 @@ gfc_add_flavor (symbol_attribute *attr, sym_flavor f, const char *name, /* Copying a procedure dummy argument for a module procedure in a submodule results in the flavor being copied and would result in an error without this. */ - if (gfc_new_block && gfc_new_block->abr_modproc_decl - && attr->flavor == f && f == FL_PROCEDURE) + if (attr->flavor == f && f == FL_PROCEDURE + && gfc_new_block && gfc_new_block->abr_modproc_decl) return true; if (attr->flavor != FL_UNKNOWN)
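
Review bot: The reordered condition in gfc_add_flavor still reads gfc_new_block->abr_modproc_decl whenever attr->flavor == f && f == FL_PROCEDURE holds, so the change narrows the calls that reach the dereference but does not make the read safe: a pointer to freed memory is non-NULL and passes the gfc_new_block test. Since the report is a heap-use-after-free, the durable fix is to reset gfc_new_block at the point where the symbol it refers to is released, or otherwise guarantee it is valid on entry to this function; that would also explain why initializing it with NULL in decl.c made no difference. If the reorder goes in as is, extend the comment above the if to say that the operand order is deliberate and that gfc_new_block may be stale here, so a later cleanup does not move the pointer test back to the front.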