re PR fortran/46884 (Use of charlen after free)

	PR fortran/46884
	* symbol.c (gfc_new_charlen): If old_cl is non-NULL, put it
	at the ns->old_cl_list spot in the chain rather than at
	ns->cl_list.

	* gfortran.dg/pr46884.f: New test.

From-SVN: r167742

diff --git a/gcc/fortran/ChangeLog b/gcc/fortran/ChangeLog
index f74d9be..35c4b6e 100644 (file)
--- a/gcc/fortran/ChangeLog
+++ b/gcc/fortran/ChangeLog
@@ -1,6 +1,13 @@
+2010-12-13  Jakub Jelinek  <jakub@redhat.com>
+
+       PR fortran/46884
+       * symbol.c (gfc_new_charlen): If old_cl is non-NULL, put it
+       at the ns->old_cl_list spot in the chain rather than at
+       ns->cl_list.
+
 2010-12-12  Thomas Koenig  <tkoenig@gcc.gnu.org>
 
-       * dump-parse-tree.c (show_expr):  Add space for parens.
+       * dump-parse-tree.c (show_expr): Add space for parens.
 
 2010-12-12  Janus Weil  <janus@gcc.gnu.org>
 

diff --git a/gcc/fortran/symbol.c b/gcc/fortran/symbol.c
index 05c6235..283bfce 100644 (file)
--- a/gcc/fortran/symbol.c
+++ b/gcc/fortran/symbol.c
@@ -3219,19 +3219,29 @@ gfc_new_charlen (gfc_namespace *ns, gfc_charlen *old_cl)
   gfc_charlen *cl;
   cl = gfc_get_charlen ();
 
-  /* Put into namespace.  */
-  cl->next = ns->cl_list;
-  ns->cl_list = cl;
-
   /* Copy old_cl.  */
   if (old_cl)
     {
+      /* Put into namespace, but don't allow reject_statement
+        to free it if old_cl is given.  */
+      gfc_charlen **prev = &ns->cl_list;
+      cl->next = ns->old_cl_list;
+      while (*prev != ns->old_cl_list)
+       prev = &(*prev)->next;
+      *prev = cl;
+      ns->old_cl_list = cl;
       cl->length = gfc_copy_expr (old_cl->length);
       cl->length_from_typespec = old_cl->length_from_typespec;
       cl->backend_decl = old_cl->backend_decl;
       cl->passed_length = old_cl->passed_length;
       cl->resolved = old_cl->resolved;
     }
+  else
+    {
+      /* Put into namespace.  */
+      cl->next = ns->cl_list;
+      ns->cl_list = cl;
+    }
 
   return cl;
 }

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index dec16b5..0edad69 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2010-12-13  Jakub Jelinek  <jakub@redhat.com>
+
+       PR fortran/46884
+       * gfortran.dg/pr46884.f: New test.
+
 2010-12-13  Iain Sandoe  <iains@gcc.gnu.org>
 
        * objc.dg/gnu-encoding/struct-layout-encoding-1_generate.c:

diff --git a/gcc/testsuite/gfortran.dg/pr46884.f b/gcc/testsuite/gfortran.dg/pr46884.f
new file mode 100644 (file)
index 0000000..54ae57d
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr46884.f
@@ -0,0 +1,8 @@
+C PR fortran/46884
+C { dg-do compile }
+C { dg-options "" }
+      SUBROUTINE F
+      IMPLICIT CHARACTER*12 (C)
+      CALL G(C1)
+      CALL H(C1(1:4))
+      END