]> git.ipfire.org Git - thirdparty/gcc.git/commitdiff
projects / thirdparty / gcc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c475080)
Fortran: Fix heap-use-after-free
authorJerry DeLisle <jvdelisle@gcc.gnu.org>
Thu, 19 Feb 2026 00:19:26 +0000 (16:19 -0800)
committerJerry DeLisle <jvdelisle@gcc.gnu.org>
Thu, 19 Feb 2026 00:34:53 +0000 (16:34 -0800)
This fix stops freeing the current BLOCK namespace during malformed
END error recovery.  It now lets normal block unwinding/cleanup handle
the free, preventing the heap-use-after-free.

Suggested-by: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Christopher Albert <albert@tugraz.at>
PR fortran/122491

gcc/fortran/ChangeLog:

* decl.cc (gfc_match_end): Do not free current BLOCK namespace
during malformed END cleanup.

gcc/fortran/decl.cc patch | blob | blame | history

diff --git a/gcc/fortran/decl.cc b/gcc/fortran/decl.cc
index cb6bd6f8cc05eb2b8c6b8df2026e844d15ead34a..b5128580548401bfdbe3767361166065c863bb6e 100644 (file)
--- a/gcc/fortran/decl.cc
+++ b/gcc/fortran/decl.cc
@@ -9267,7 +9267,8 @@ cleanup:
          ns = ns->sibling;
        }
 
-      gfc_free_namespace (gfc_current_ns);
+      /* The namespace can still be referenced by parser state and code nodes;
+        let normal block unwinding/freeing own its lifetime.  */
       gfc_current_ns = parent_ns;
       gfc_state_stack = gfc_state_stack->previous;
       state = gfc_current_state ();
Mirror of https://gcc.gnu.org/git/gcc.git