[flang-commits] [flang] 9405a81 - [flang] Fix crash exposed by fuzzing (#122187)

via flang-commits flang-commits at lists.llvm.org
Tue Jan 14 10:42:32 PST 2025 

Author: Peter Klausler
Date: 2025-01-14T10:42:29-08:00
New Revision: 9405a81ee7a16d8a30584f612234b4e27bd3d2dd

URL: https://github.com/llvm/llvm-project/commit/9405a81ee7a16d8a30584f612234b4e27bd3d2dd
DIFF: https://github.com/llvm/llvm-project/commit/9405a81ee7a16d8a30584f612234b4e27bd3d2dd.diff

LOG: [flang] Fix crash exposed by fuzzing (#122187)

An integer overflowed in an erroneous test. Fix, and improve the error
messages a bit.

Fixes https://github.com/llvm/llvm-project/issues/121979.

Added: 
    

Modified: 
    flang/lib/Evaluate/intrinsics.cpp
    flang/test/Semantics/reshape.f90

Removed: 
    


################################################################################
diff  --git a/flang/lib/Evaluate/intrinsics.cpp b/flang/lib/Evaluate/intrinsics.cpp
index 0dc8e121ea165f..f234241cfe14a6 100644
--- a/flang/lib/Evaluate/intrinsics.cpp
+++ b/flang/lib/Evaluate/intrinsics.cpp
@@ -2094,7 +2094,7 @@ std::optional<SpecificCall> IntrinsicInterface::Match(
   const ActualArgument *arrayArg{nullptr};
   const char *arrayArgName{nullptr};
   const ActualArgument *knownArg{nullptr};
-  std::optional<int> shapeArgSize;
+  std::optional<std::int64_t> shapeArgSize;
   int elementalRank{0};
   for (std::size_t j{0}; j < dummies; ++j) {
     const IntrinsicDummyArgument &d{dummy[std::min(j, dummyArgPatterns - 1)]};
@@ -2133,14 +2133,20 @@ std::optional<SpecificCall> IntrinsicInterface::Match(
           if (auto shape{GetShape(context, *arg)}) {
             if (auto constShape{AsConstantShape(context, *shape)}) {
               shapeArgSize = constShape->At(ConstantSubscripts{1}).ToInt64();
-              CHECK(*shapeArgSize >= 0);
-              argOk = true;
+              CHECK(shapeArgSize.value() >= 0);
+              argOk = *shapeArgSize <= common::maxRank;
             }
           }
         }
         if (!argOk) {
-          messages.Say(arg->sourceLocation(),
-              "'shape=' argument must be a vector of known size"_err_en_US);
+          if (shapeArgSize.value_or(0) > common::maxRank) {
+            messages.Say(arg->sourceLocation(),
+                "'shape=' argument must be a vector of at most %d elements (has %jd)"_err_en_US,
+                common::maxRank, std::intmax_t{*shapeArgSize});
+          } else {
+            messages.Say(arg->sourceLocation(),
+                "'shape=' argument must be a vector of known size"_err_en_US);
+          }
           return std::nullopt;
         }
         break;

diff  --git a/flang/test/Semantics/reshape.f90 b/flang/test/Semantics/reshape.f90
index b3b96985affc7a..cccba210885a69 100644
--- a/flang/test/Semantics/reshape.f90
+++ b/flang/test/Semantics/reshape.f90
@@ -53,10 +53,9 @@ program reshaper
   !ERROR: 'shape=' argument has too many elements
   integer :: array23(I64_MAX, I64_MAX) = RESHAPE([1, 2, 3], huge_shape)
 
-  !ERROR: Size of 'shape=' argument must not be greater than 15
   CALL ext_sub(RESHAPE([(n, n=1,20)], &
+  !ERROR: 'shape=' argument must be a vector of at most 15 elements (has 16)
     [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]))
-  !ERROR: Reference to the procedure 'ext_sub' has an implicit interface that is distinct from another reference: incompatible dummy argument #1: incompatible dummy data object shapes
   !ERROR: 'shape=' argument must not have a negative extent
   CALL ext_sub(RESHAPE([(n, n=1,20)], [1, -5, 3]))
   !ERROR: 'order=' argument has unacceptable rank 2

More information about the flang-commits mailing list