flang
Runtime crash due to an incorrect string length in a string array pointer
This test program crashes with a segmentation fault when compiled with the latest Flang on X86:
program example
  implicit none
  character(:), pointer :: ptr(:)
  character(3), target :: array(1) = ['foo']
  ptr(2:2) => array
  ptr(2) = 'bar'
  print *, array
end
When compiled with gfortran, the program prints "bar" as expected.
The backtrace of the crash is as follows:
Program received signal SIGSEGV, Segmentation fault.
tcache_get (tc_idx=<optimized out>) at malloc.c:2937
2937 malloc.c: No such file or directory.
(gdb) bt
#0 tcache_get (tc_idx=<optimized out>) at malloc.c:2937
#1 __GI___libc_malloc (bytes=1024) at malloc.c:3051
#2 0x00007ffff766fe84 in __GI__IO_file_doallocate (fp=0x7ffff77d76a0 <_IO_2_1_stdout_>) at filedoalloc.c:101
#3 0x00007ffff7680050 in __GI__IO_doallocbuf (fp=fp@entry=0x7ffff77d76a0 <_IO_2_1_stdout_>) at libioP.h:948
#4 0x00007ffff767f0b0 in _IO_new_file_overflow (f=0x7ffff77d76a0 <_IO_2_1_stdout_>, ch=-1) at fileops.c:745
#5 0x00007ffff767d835 in _IO_new_file_xsputn (n=1, data=<optimized out>, f=<optimized out>) at libioP.h:948
#6 _IO_new_file_xsputn (f=0x7ffff77d76a0 <_IO_2_1_stdout_>, data=<optimized out>, n=1) at fileops.c:1197
#7 0x00007ffff7671541 in __GI__IO_fwrite (buf=0x7ffff7ef385e, size=1, count=1, fp=0x7ffff77d76a0 <_IO_2_1_stdout_>) at libioP.h:948
#8 0x00007ffff7b94c0d in __io_fwrite (ptr=0x7ffff7ef385e " ", size=1, nitems=1, stream=0x7ffff77d76a0 <_IO_2_1_stdout_>) at /home/bryanpkc/src/llvm/flang/runtime/flangrti/iostdinit.c:253
#9 0x00007ffff7cbd88c in write_item (p=0x7ffff7fbd050 <__f90io_conv_buf> "bar", len=3) at /home/bryanpkc/src/llvm/flang/runtime/flang/ldwrite.c:808
#10 0x00007ffff7cbd6b7 in __f90io_ldw (type=14, length=1, stride=3, item=0x4040a0 <.STATICS1> "bar", ' ' <repeats 197 times>..., item_length=3) at /home/bryanpkc/src/llvm/flang/runtime/flang/ldwrite.c:643
#11 0x00007ffff7cbdc89 in f90io_ldw64_aa (type=0x402058 <.C315_MAIN_>, length=0x402070 <.C286_MAIN_>, stride=0x402010 <.C303_MAIN_>, item_adr=0x4040a0 <.STATICS1> "bar", ' ' <repeats 197 times>..., item_len=3) at /home/bryanpkc/src/llvm/flang/runtime/flang/ldwrite.c:727
#12 0x0000000000401579 in example () at string-array-pointer.f90:13
#13 0x00000000004015ed in main (argc=1, argv=0x7fffffffe068) at /home/bryanpkc/src/llvm/flang/runtime/flangmain/flangmain.c:59
#14 0x00007ffff76120b3 in __libc_start_main (main=0x4015a0 <main>, argc=1, argv=0x7fffffffe068, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe058) at ../csu/libc-start.c:308
#15 0x000000000040113e in _start ()
The problem seems to be that when initializing the section descriptor for ptr, an incorrect type length is passed to f90_template1_i8. Printing the descriptor inside GDB gives:
(gdb) p *dd
$6 = {tag = 35, rank = 1, kind = 0, len = 65538, flags = 536936448, lsize = 1, gsize = 1, lbase = -1, gbase = 0x0, dist_desc = 0x0, dim = {{lbound = 2, extent = 1, sstride = 1, soffset = 0, lstride = 1, ubound = 2},...
The lbound and ubound fields are set to 2, clearly indicating that this descriptor is for ptr. The len field should have contained 3, since the pointer target is of type CHARACTER(3).
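The descriptor dump above shows why a bad len field ends in a crash inside malloc rather than at the Fortran assignment: the assignment ptr(2) = 'bar' is compiled into a blank-padded store of len bytes, so a len of 65538 instead of 3 writes far past the 3-byte target and into neighbouring heap metadata, which malloc later trips over (tcache_get). The following C model, added here as an illustration and not code from the flang runtime, reproduces the pointer assignment, the character store, and the kind of descriptor sanity check that would reject the corrupted value before any write. The char_desc struct, its field names and the capacity field are simplifications assumed for the example (the real flang F90_Desc layout is more complex); the value 65538 is the one printed on the page.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a rank-1 CHARACTER array descriptor.
 * This is NOT the flang runtime's F90_Desc; it keeps only the fields
 * needed to show the length bug. The capacity field is an assumption
 * added for the example: the number of bytes the target really owns. */
typedef struct {
    char   *base;      /* address of the first element of the section */
    size_t  len;       /* character length of each element */
    long    lbound;    /* lower bound of the section pointer */
    long    ubound;    /* upper bound of the section pointer */
    size_t  capacity;  /* bytes owned by the underlying target storage */
} char_desc;

/* Models ptr(lb:ub) => target for a deferred-length character pointer:
 * the pointer must inherit len (and capacity) from its target. */
static char_desc section_of(const char_desc *target, long lb, long ub) {
    char_desc d = *target;
    d.lbound = lb;
    d.ubound = ub;
    return d;
}

/* How many bytes past the end of the target the last element write
 * would reach, given the descriptor's own idea of len and bounds. */
static long overrun_bytes(const char_desc *d) {
    if (d->ubound < d->lbound) return 0;
    size_t nelems = (size_t)(d->ubound - d->lbound + 1);
    size_t span = nelems * d->len;
    return span > d->capacity ? (long)(span - d->capacity) : 0;
}

/* Sanity check a descriptor against the storage it claims to describe.
 * Returns 0 if every element lies inside the target, -1 otherwise. */
static int desc_is_sane(const char_desc *d) {
    if (d->ubound < d->lbound || d->len == 0) return -1;
    size_t nelems = (size_t)(d->ubound - d->lbound + 1);
    return nelems > d->capacity / d->len ? -1 : 0;
}

/* ptr(i) = value: Fortran truncates to len and blank-pads, exactly the
 * store that overflows when len is wrong. Refuses to write unless the
 * descriptor is sane and i is within bounds. */
static int store_element(char_desc *d, long i, const char *value) {
    if (desc_is_sane(d) != 0 || i < d->lbound || i > d->ubound) return -1;
    char *dst = d->base + (size_t)(i - d->lbound) * d->len;
    size_t n = strlen(value);
    if (n > d->len) n = d->len;
    memcpy(dst, value, n);
    memset(dst + n, ' ', d->len - n);
    return 0;
}

int main(void) {
    /* Constructed target: character(3) :: array(1) = ['foo'] */
    char storage[3] = {'f', 'o', 'o'};
    char_desc target = { storage, 3, 1, 1, sizeof storage };

    /* Correct pointer assignment: len is inherited as 3. */
    char_desc ptr = section_of(&target, 2, 2);
    int ok = store_element(&ptr, 2, "bar");
    printf("good descriptor: len=%zu store=%d array=%.3s\n", ptr.len, ok, storage);

    /* Same descriptor with the len value seen in the GDB dump. */
    char_desc bad = ptr;
    bad.len = 65538;
    printf("bad descriptor: len=%zu would overrun target by %ld bytes, store=%d\n",
           bad.len, overrun_bytes(&bad), store_element(&bad, 2, "bar"));
    return 0;
}
```

With the correct descriptor the store lands inside the 3-byte target and the array reads 'bar', matching gfortran. With len = 65538 the same single-element store would run 65535 bytes past the target; a runtime that validates len against the target's extent before the store (or a debug build with such a check) turns the silent heap corruption and later malloc crash into an immediate, attributable failure at the assignment.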
Hi @bryanpkc , could this be similar to https://github.com/flang-compiler/flang/issues/813 ?
Sorry, I remembered Paul recommended your patch to me and it did not help for #813