public inbox for gcc-cvs@sourceware.org
* [gcc r12-3095] analyzer: fix ICE when failing to reconstruct a fn ptr [PR101837]
@ 2021-08-23 18:10 David Malcolm
From: David Malcolm @ 2021-08-23 18:10 UTC
  To: gcc-cvs

https://gcc.gnu.org/g:4b821c7efbe12cfbb129a88541108b39058da526

commit r12-3095-g4b821c7efbe12cfbb129a88541108b39058da526
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Mon Aug 23 14:09:44 2021 -0400

    analyzer: fix ICE when failing to reconstruct a fn ptr [PR101837]
    
    gcc/analyzer/ChangeLog:
            PR analyzer/101837
            * analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is
            NULL, and assert that it's non-NULL before passing it to
            build_call_array_loc.
    
    gcc/testsuite/ChangeLog:
            PR analyzer/101837
            * gcc.dg/analyzer/pr101837.c: New test.

Diff:
---
 gcc/analyzer/analyzer.cc                 |  3 +++
 gcc/testsuite/gcc.dg/analyzer/pr101837.c | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 557887724e8..f6e9c9d66d2 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -145,6 +145,8 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
 	tree return_type = gimple_call_return_type (call_stmt);
 	tree fn = fixup_tree_for_diagnostic_1 (gimple_call_fn (call_stmt),
 					       visited);
+	if (fn == NULL_TREE)
+	  return NULL_TREE;
 	unsigned num_args = gimple_call_num_args (call_stmt);
 	auto_vec<tree> args (num_args);
 	for (unsigned i = 0; i < num_args; i++)
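Review bot: The new `if (fn == NULL_TREE)` bail-out right after the fixup_tree_for_diagnostic_1 call has no comment saying that the fixup can fail to reconstruct the callee and return NULL_TREE. A one-line comment above the check, for example "Give up if the callee could not be reconstructed", would make it clear that NULL here is an expected outcome and that returning NULL_TREE is the deliberate fallback, matching the existing `return NULL_TREE;` in the argument loop that follows.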
@@ -155,6 +157,7 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
 	      return NULL_TREE;
 	    args.quick_push (arg);
 	  }
+	gcc_assert (fn);
 	return build_call_array_loc (gimple_location (call_stmt),
 				     return_type, fn,
 				     num_args, args.address ());
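Review bot: The `gcc_assert (fn);` placed just before build_call_array_loc duplicates the `fn == NULL_TREE` early return added earlier in the same function, and nothing in the visible lines reassigns fn in between. If it is meant to document the callee's precondition, a short comment saying so would help; otherwise it can be dropped, since a failed assert here would itself be an ICE, which is the failure mode this commit sets out to remove.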
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101837.c b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
new file mode 100644
index 00000000000..f99374df604
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
@@ -0,0 +1,10 @@
+/* { dg-additional-options "-O3 -fsanitize=undefined" } */
+
+void memory_exhausted();
+void memcheck(void *ptr) {
+  if (ptr) /* { dg-warning "leak" } */
+    memory_exhausted();
+}
+
+int emalloc(int size) { memcheck(__builtin_malloc(size)); } /* { dg-message "allocated here" } */
+int main() { int max_envvar_len = emalloc(max_envvar_len + 1); } /* { dg-message "use of uninitialized value 'max_envvar_len'" } */
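Review bot: The new test has no comment saying that what it guards against is the ICE from PR analyzer/101837; the only expectations in the file are the dg-warning "leak" and the two dg-message directives, which are incidental diagnostics of the reduced input. A leading comment stating that the test passes when the analyzer finishes without an ICE under "-O3 -fsanitize=undefined" would keep a later change to the wording of those diagnostics from being mistaken for a regression of this fix. It would also be worth noting there that the missing return statements in emalloc and main and the self-referential initializer of max_envvar_len are part of the reduced reproducer, so nobody tidies them away.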

