Skip to content

[flang] Fix crash exposed by fuzzing #122187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 14, 2025
Merged

[flang] Fix crash exposed by fuzzing #122187

merged 1 commit into from
Jan 14, 2025

Conversation

klausler
Copy link
Contributor

@klausler klausler commented Jan 8, 2025

An integer overflowed in an erroneous test. Fix, and improve the error messages a bit.

Fixes #121979.

@klausler
[flang] Fix crash exposed by fuzzing
3849703 
An integer overflowed in an erroneous test.  Fix, and improve the
error messages a bit.

Fixes llvm#121979.
@llvmbot llvmbot added flang Flang issues not falling into any other category flang:semantics labels Jan 8, 2025
@llvmbot
Copy link
Member

llvmbot commented Jan 8, 2025

@llvm/pr-subscribers-flang-semantics

Author: Peter Klausler (klausler)

Changes

An integer overflowed in an erroneous test. Fix, and improve the error messages a bit.

Fixes #121979.

Full diff: https://github.com/llvm/llvm-project/pull/122187.diff

2 Files Affected:

  • (modified) flang/lib/Evaluate/intrinsics.cpp (+11-5)
  • (modified) flang/test/Semantics/reshape.f90 (+1-2)
diff --git a/flang/lib/Evaluate/intrinsics.cpp b/flang/lib/Evaluate/intrinsics.cpp
index 0dc8e121ea165f..f234241cfe14a6 100644
--- a/flang/lib/Evaluate/intrinsics.cpp
+++ b/flang/lib/Evaluate/intrinsics.cpp
@@ -2094,7 +2094,7 @@ std::optional<SpecificCall> IntrinsicInterface::Match(
   const ActualArgument *arrayArg{nullptr};
   const char *arrayArgName{nullptr};
   const ActualArgument *knownArg{nullptr};
-  std::optional<int> shapeArgSize;
+  std::optional<std::int64_t> shapeArgSize;
   int elementalRank{0};
   for (std::size_t j{0}; j < dummies; ++j) {
     const IntrinsicDummyArgument &d{dummy[std::min(j, dummyArgPatterns - 1)]};
@@ -2133,14 +2133,20 @@ std::optional<SpecificCall> IntrinsicInterface::Match(
           if (auto shape{GetShape(context, *arg)}) {
             if (auto constShape{AsConstantShape(context, *shape)}) {
               shapeArgSize = constShape->At(ConstantSubscripts{1}).ToInt64();
-              CHECK(*shapeArgSize >= 0);
-              argOk = true;
+              CHECK(shapeArgSize.value() >= 0);
+              argOk = *shapeArgSize <= common::maxRank;
             }
           }
         }
         if (!argOk) {
-          messages.Say(arg->sourceLocation(),
-              "'shape=' argument must be a vector of known size"_err_en_US);
+          if (shapeArgSize.value_or(0) > common::maxRank) {
+            messages.Say(arg->sourceLocation(),
+                "'shape=' argument must be a vector of at most %d elements (has %jd)"_err_en_US,
+                common::maxRank, std::intmax_t{*shapeArgSize});
+          } else {
+            messages.Say(arg->sourceLocation(),
+                "'shape=' argument must be a vector of known size"_err_en_US);
+          }
           return std::nullopt;
         }
         break;
diff --git a/flang/test/Semantics/reshape.f90 b/flang/test/Semantics/reshape.f90
index b3b96985affc7a..cccba210885a69 100644
--- a/flang/test/Semantics/reshape.f90
+++ b/flang/test/Semantics/reshape.f90
@@ -53,10 +53,9 @@ program reshaper
   !ERROR: 'shape=' argument has too many elements
   integer :: array23(I64_MAX, I64_MAX) = RESHAPE([1, 2, 3], huge_shape)
 
-  !ERROR: Size of 'shape=' argument must not be greater than 15
   CALL ext_sub(RESHAPE([(n, n=1,20)], &
+  !ERROR: 'shape=' argument must be a vector of at most 15 elements (has 16)
     [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]))
-  !ERROR: Reference to the procedure 'ext_sub' has an implicit interface that is distinct from another reference: incompatible dummy argument #1: incompatible dummy data object shapes
   !ERROR: 'shape=' argument must not have a negative extent
   CALL ext_sub(RESHAPE([(n, n=1,20)], [1, -5, 3]))
   !ERROR: 'order=' argument has unacceptable rank 2

eugeneepshteyn
eugeneepshteyn approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@eugeneepshteyn eugeneepshteyn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@klausler klausler merged commit 9405a81 into llvm:main Jan 14, 2025
11 checks passed
@klausler klausler deleted the bug121979 branch January 14, 2025 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eugeneepshteyn eugeneepshteyn eugeneepshteyn approved these changes

@clementval clementval Awaiting requested review from clementval

@akuhlens akuhlens Awaiting requested review from akuhlens

Assignees
No one assigned
Labels
flang:semantics flang Flang issues not falling into any other category
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[flang] fatal internal error: CHECK(*shapeArgSize >= 0) failed at /root/llvm-project/flang/lib/Evaluate/intrinsics.cpp(2136)
3 participants
@klausler @llvmbot @eugeneepshteyn