[flang-commits] [flang] [flang] Fix crash in fuzzed input program (PR #122193)

Peter Klausler via flang-commits flang-commits at lists.llvm.org
Wed Jan 8 15:47:59 PST 2025 

https://github.com/klausler created https://github.com/llvm/llvm-project/pull/122193

Fixes https://github.com/llvm/llvm-project/issues/121971.

>From e8c88f04f870ef1a99942631c3eea8aec47fccff Mon Sep 17 00:00:00 2001
From: Peter Klausler <pklausler at nvidia.com>
Date: Wed, 8 Jan 2025 15:31:46 -0800
Subject: [PATCH] [flang] Fix crash in fuzzed input program

Fixes https://github.com/llvm/llvm-project/issues/121971.
---
 flang/lib/Evaluate/shape.cpp       | 12 ++++++------
 flang/test/Semantics/bug121971.f90 | 10 ++++++++++
 2 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 flang/test/Semantics/bug121971.f90

diff --git a/flang/lib/Evaluate/shape.cpp b/flang/lib/Evaluate/shape.cpp
index c7b2156a3de17a..f9d169e752cae5 100644
--- a/flang/lib/Evaluate/shape.cpp
+++ b/flang/lib/Evaluate/shape.cpp
@@ -566,13 +566,13 @@ MaybeExtentExpr GetExtent(const Subscript &subscript, const NamedEntity &base,
                 MaybeExtentExpr{triplet.stride()});
           },
           [&](const IndirectSubscriptIntegerExpr &subs) -> MaybeExtentExpr {
-            if (auto shape{GetShape(subs.value())}) {
-              if (GetRank(*shape) > 0) {
-                CHECK(GetRank(*shape) == 1); // vector-valued subscript
-                return std::move(shape->at(0));
-              }
+            if (auto shape{GetShape(subs.value())};
+                shape && GetRank(*shape) == 1) {
+              // vector-valued subscript
+              return std::move(shape->at(0));
+            } else {
+              return std::nullopt;
             }
-            return std::nullopt;
           },
       },
       subscript.u);
diff --git a/flang/test/Semantics/bug121971.f90 b/flang/test/Semantics/bug121971.f90
new file mode 100644
index 00000000000000..4192f6de2ec1f7
--- /dev/null
+++ b/flang/test/Semantics/bug121971.f90
@@ -0,0 +1,10 @@
+! RUN: %python %S/test_errors.py %s %flang_fc1
+subroutine subr(a,b,n,m)
+  real n,m
+!ERROR: Must have INTEGER type, but is REAL(4)
+!ERROR: Must have INTEGER type, but is REAL(4)
+  integer a(n,m)
+!ERROR: Rank of left-hand side is 2, but right-hand side has rank 1
+!ERROR: Subscript expression has rank 2 greater than 1
+  a = a(a,j)
+end

More information about the flang-commits mailing list