From: Harald Anlauf
To: fortran, gcc-patches
Subject: [PATCH] PR libfortran/103634 - Runtime crash with PACK on zero-sized arrays
Date: Thu, 9 Dec 2021 21:05:18 +0100
X-Patchwork-Submitter: Harald Anlauf
X-Patchwork-Id: 1566067

Dear all,

I had thought that we had fixed this in the past (see PR31001), but it did fail for me with all gcc versions I have tried (7-12) for a slightly more elaborate case than in the old testcase.

The loop in pack_internal did try to access the first element of the array argument to PACK even if one (or more) extents were zero. This is not good.

Solution: check the extents and return early. (We already do a related check for the vector argument if present).

Regtested on x86_64-pc-linux-gnu. OK for mainline?

As this segfaults on valid code at runtime: I am considering backporting this, if there are no objections.

Thanks,
Harald

From dfa1e1ac5d8e43f1ca8f13b64330825581174f36 Mon Sep 17 00:00:00 2001
From: Harald Anlauf
Date: Thu, 9 Dec 2021 20:55:08 +0100
Subject: [PATCH] Fortran: PACK intrinsic should not try to read from zero-sized array

libgfortran/ChangeLog:

	PR libfortran/103634
	* intrinsics/pack_generic.c (pack_internal): Handle case when the
	array argument of PACK has one extent of size zero to avoid
	invalid reads.

gcc/testsuite/ChangeLog:

	PR libfortran/103634
	* gfortran.dg/zero_sized_13.f90: New test.
---
 gcc/testsuite/gfortran.dg/zero_sized_13.f90 | 20 ++++++++++++++++++++
 libgfortran/intrinsics/pack_generic.c | 4 ++++
 2 files changed, 24 insertions(+)
 create mode 100644 gcc/testsuite/gfortran.dg/zero_sized_13.f90

diff --git a/gcc/testsuite/gfortran.dg/zero_sized_13.f90 b/gcc/testsuite/gfortran.dg/zero_sized_13.f90 new file mode 100644 index 00000000000..5620514334c --- /dev/null +++ b/gcc/testsuite/gfortran.dg/zero_sized_13.f90 
@@ -0,0 +1,20 @@ +! { dg-do run } +! PR libfortran/103634 - Runtime crash with PACK on zero-sized arrays + +program p + implicit none + type t + real :: r(24) = -99. + end type + type(t), allocatable :: new(:), old(:) + logical, allocatable :: mask(:) + integer :: n, m +! m = 1 ! works + m = 0 ! failed with SIGSEGV in pack_internal + allocate (old(m), mask(m)) + mask(:) = .false. + n = count (mask) + allocate (new(n)) + new(:) = pack (old, mask) + print *, size (new) +end diff --git a/libgfortran/intrinsics/pack_generic.c b/libgfortran/intrinsics/pack_generic.c index cad2fbbfbcd..f629e0e8469 100644 --- a/libgfortran/intrinsics/pack_generic.c +++ b/libgfortran/intrinsics/pack_generic.c @@ -126,6 +126,10 @@ pack_internal (gfc_array_char *ret, const gfc_array_char *array, if (mstride[0] == 0) mstride[0] = mask_kind; + for (n = 0; n < dim; n++) + if (extent[n] == 0) + return; + if (ret->base_addr == NULL || unlikely (compile_options.bounds_check)) { /* Count the elements, either for allocating memory or -- 2.26.2
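
Review bot: In gcc/testsuite/gfortran.dg/zero_sized_13.f90 the result is only printed (`print *, size (new)`), so the test passes as long as nothing crashes and a wrong result size would go unnoticed. Replace the print with a check such as `if (size (new) /= 0) stop 1`. The test also covers only a rank-1 array, while the new loop in pack_internal runs over every dimension; a rank-2 case with a single zero extent would exercise the "one (or more) extents" situation from the description. The commented-out `! m = 1 ! works` line can be dropped or turned into a second, checked case.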
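
Review bot: In pack_internal (libgfortran/intrinsics/pack_generic.c) the new early `return` sits before the `if (ret->base_addr == NULL || unlikely (compile_options.bounds_check))` block, which according to its comment counts the elements for allocating memory, so for a zero-extent array with an unallocated result the function now returns without that block ever running, and with bounds checking enabled the block is skipped as well. Please confirm that no caller relies on `ret` being set up in this case, or move the check after that block so that only the copy loop is skipped. The return is also taken regardless of the vector argument mentioned in the description; a short comment above the loop should say why a zero extent must not reach the element access and what the intended result is when a vector is present.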