From 730de5a59ed3f0669b0d5cd85392f14fd337b895 Mon Sep 17 00:00:00 2001 From: Jerry DeLisle Date: Fri, 27 Oct 2017 17:50:22 +0000 Subject: [PATCH] re PR libfortran/81938 (valgrind error message and heap-buffer-overflow on address sanitized libgfortran.so) 2017-10-27 Jerry DeLisle Rimvydas (RJ) PR libgfortran/81938 io/format.c (free_format_data): Don't try to free vlist descriptors past the end of the fnode array. From-SVN: r254163 --- libgfortran/ChangeLog | 7 +++++++ libgfortran/io/format.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/libgfortran/ChangeLog b/libgfortran/ChangeLog index ef9ef19b68b..9e52ece6e15 100644 --- a/libgfortran/ChangeLog +++ b/libgfortran/ChangeLog @@ -1,3 +1,10 @@ +2017-10-27 Jerry DeLisle + Rimvydas (RJ) + + PR libgfortran/81938 + io/format.c (free_format_data): Don't try to free vlist + descriptors past the end of the fnode array. + 2017-10-10 Thomas Koenig PR libfortran/82233 diff --git a/libgfortran/io/format.c b/libgfortran/io/format.c index bd14ac37bb3..c2abdd7b3af 100644 --- a/libgfortran/io/format.c +++ b/libgfortran/io/format.c @@ -266,7 +266,8 @@ free_format_data (format_data *fmt) return; /* Free vlist descriptors in the fnode_array if one was allocated. */ - for (fnp = fmt->array.array; fnp->format != FMT_NONE; fnp++) + for (fnp = fmt->array.array; fnp < &fmt->array.array[FARRAY_SIZE] && + fnp->format != FMT_NONE; fnp++) if (fnp->format == FMT_DT) { if (GFC_DESCRIPTOR_DATA(fnp->u.udf.vlist)) -- 2.30.2