From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jakub@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTPS id EB2003858411
 for <gcc-patches@gcc.gnu.org>; Tue, 16 Nov 2021 09:00:43 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org EB2003858411
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-368-Xq4KF_vjOpGn8UJhLyTPeA-1; Tue, 16 Nov 2021 04:00:41 -0500
X-MC-Unique: Xq4KF_vjOpGn8UJhLyTPeA-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D67DABAF8B;
 Tue, 16 Nov 2021 09:00:38 +0000 (UTC)
Received: from tucnak.zalov.cz (unknown [10.39.192.54])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 6D2D45F4ED;
 Tue, 16 Nov 2021 09:00:38 +0000 (UTC)
Received: from tucnak.zalov.cz (localhost [127.0.0.1])
 by tucnak.zalov.cz (8.16.1/8.16.1) with ESMTPS id 1AG90ZAN4093446
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT);
 Tue, 16 Nov 2021 10:00:35 +0100
Received: (from jakub@localhost)
 by tucnak.zalov.cz (8.16.1/8.16.1/Submit) id 1AG90Y8V4093443;
 Tue, 16 Nov 2021 10:00:34 +0100
Date: Tue, 16 Nov 2021 10:00:34 +0100
From: Jakub Jelinek <jakub@redhat.com>
To: Richard Biener <rguenther@suse.de>, Jeff Law <jeffreyalaw@gmail.com>
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH] waccess: Fix up pass_waccess::check_alloc_size_call [PR102009]
Message-ID: <20211116090034.GD2710@tucnak>
Reply-To: Jakub Jelinek <jakub@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-5.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 09:00:49 -0000

Hi!

This function punts if the builtins have no arguments, but as can be seen
on the testcase, even if it has some arguments but alloc_size attribute's
arguments point to arguments that aren't passed, we get a warning earlier
from the FE but should punt rather than ICE on it.
Other users of alloc_size attribute e.g. in
tree-object-size.c (alloc_object_size) punt similarly and similarly
even in the same TU maybe_warn_nonstring_arg correctly verifies calls have
enough arguments.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2021-11-16  Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/102009
	* gimple-ssa-warn-access.cc (pass_waccess::check_alloc_size_call):
	Punt if any of alloc_size arguments is out of bounds vs. number of
	call arguments.

	* gcc.dg/pr102009.c: New test.

--- gcc/gimple-ssa-warn-access.cc.jj	2021-11-09 15:25:15.000000000 +0100
+++ gcc/gimple-ssa-warn-access.cc	2021-11-15 17:22:44.769580185 +0100
@@ -2335,10 +2335,6 @@ pass_waccess::check_alloca (gcall *stmt)
 void
 pass_waccess::check_alloc_size_call (gcall *stmt)
 {
-  if (gimple_call_num_args (stmt) < 1)
-    /* Avoid invalid calls to functions without a prototype.  */
-    return;
-
   tree fndecl = gimple_call_fndecl (stmt);
   if (fndecl && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
     {
@@ -2367,13 +2363,19 @@ pass_waccess::check_alloc_size_call (gca
      the actual argument(s) at those indices in ALLOC_ARGS.  */
   int idx[2] = { -1, -1 };
   tree alloc_args[] = { NULL_TREE, NULL_TREE };
+  unsigned nargs = gimple_call_num_args (stmt);
 
   tree args = TREE_VALUE (alloc_size);
   idx[0] = TREE_INT_CST_LOW (TREE_VALUE (args)) - 1;
+  /* Avoid invalid calls to functions without a prototype.  */
+  if ((unsigned) idx[0] >= nargs)
+    return;
   alloc_args[0] = call_arg (stmt, idx[0]);
   if (TREE_CHAIN (args))
     {
       idx[1] = TREE_INT_CST_LOW (TREE_VALUE (TREE_CHAIN (args))) - 1;
+      if ((unsigned) idx[1] >= nargs)
+	return;
       alloc_args[1] = call_arg (stmt, idx[1]);
     }
 
--- gcc/testsuite/gcc.dg/pr102009.c.jj	2021-11-15 17:29:19.090162531 +0100
+++ gcc/testsuite/gcc.dg/pr102009.c	2021-11-15 17:30:08.328486037 +0100
@@ -0,0 +1,10 @@
+/* PR tree-optimization/102009 */
+/* { dg-do compile } */
+
+void *realloc ();	/* { dg-message "declared here" } */
+
+void *
+foo (void *p)
+{
+  return realloc (p);	/* { dg-warning "too few arguments to built-in function 'realloc' expecting " } */
+}

	Jakub