diff options
| author | Jerry DeLisle <jvdelisle@gcc.gnu.org> | 2017-10-27 17:50:22 +0000 |
|---|---|---|
| committer | Jerry DeLisle <jvdelisle@gcc.gnu.org> | 2017-10-27 17:50:22 +0000 |
| commit | 730de5a59ed3f0669b0d5cd85392f14fd337b895 (patch) | |
| tree | 738d184a57a75c64c70cff911a4ff6e0fe0e6ef4 | |
| parent | 6c6705a90426f383208a482263812cfe2894fa74 (diff) | |
| download | gcc-730de5a59ed3f0669b0d5cd85392f14fd337b895.zip gcc-730de5a59ed3f0669b0d5cd85392f14fd337b895.tar.gz gcc-730de5a59ed3f0669b0d5cd85392f14fd337b895.tar.bz2 | |
re PR libfortran/81938 (valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so)
2017-10-27 Jerry DeLisle <jvdelisle@gcc.gnu.org>
Rimvydas (RJ)
PR libgfortran/81938
io/format.c (free_format_data): Don't try to free vlist
descriptors past the end of the fnode array.
From-SVN: r254163
| -rw-r--r-- | libgfortran/ChangeLog | 7 | ||||
| -rw-r--r-- | libgfortran/io/format.c | 3 |
2 files changed, 9 insertions, 1 deletions
diff --git a/libgfortran/ChangeLog b/libgfortran/ChangeLog index ef9ef19..9e52ece 100644 --- a/libgfortran/ChangeLog +++ b/libgfortran/ChangeLog @@ -1,3 +1,10 @@ +2017-10-27 Jerry DeLisle <jvdelisle@gcc.gnu.org> + Rimvydas (RJ) + + PR libgfortran/81938 + io/format.c (free_format_data): Don't try to free vlist + descriptors past the end of the fnode array. + 2017-10-10 Thomas Koenig <tkoenig@gcc.gnu.org> PR libfortran/82233 diff --git a/libgfortran/io/format.c b/libgfortran/io/format.c index bd14ac3..c2abdd7 100644 --- a/libgfortran/io/format.c +++ b/libgfortran/io/format.c @@ -266,7 +266,8 @@ free_format_data (format_data *fmt) return; /* Free vlist descriptors in the fnode_array if one was allocated. */ - for (fnp = fmt->array.array; fnp->format != FMT_NONE; fnp++) + for (fnp = fmt->array.array; fnp < &fmt->array.array[FARRAY_SIZE] && + fnp->format != FMT_NONE; fnp++) if (fnp->format == FMT_DT) { if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist)) |