From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=WfMK=H4=gmail.com=nathanieloshead@sourceware.org>
Received: from mail-oa1-x2a.google.com (mail-oa1-x2a.google.com [IPv6:2001:4860:4864:20::2a])
	by sourceware.org (Postfix) with ESMTPS id 378A3385842F
	for <gcc-patches@gcc.gnu.org>; Sun, 17 Dec 2023 21:51:20 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 378A3385842F
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 378A3385842F
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:4860:4864:20::2a
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1702849890; cv=none;
	b=UZfGBhNHOyMIkrmvkZVeG7+qYTeAYKNxdfmBHGtNtodC76sb6+Hj0sYtPNmp3B2njw+5F3ymbbml5faXAAuGkwmVueVnom8i1GKEfwrqaCHCZj5H0Z8/mi0//sn06gHU4usxxoIg5/dKpSAO/RqeFkB0iVznP5QtE1Zty/gEd3A=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1702849890; c=relaxed/simple;
	bh=+Nv8hMmQCHbbpbhj8Xe7CvrlpcFTHYNT1O67/yIxshU=;
	h=DKIM-Signature:Message-ID:Date:From:To:Subject:MIME-Version; b=wOIR70Xd3LFhZwa7iuEuR1YJ4K50dRP6bJGUuNWizLX4hq/qnPBPDBm7qFUwMahvLqeww2oVPNxbT6cZXbA4Ky7aHeGuFK4QTLFgqlRg021CulMzI4kxt3Mp526/BG4k2ddj8TcGByiwqKfDK5WeXPOqHEdJ/mkNlTOBWpBmZXA=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-oa1-x2a.google.com with SMTP id 586e51a60fabf-203bfb4c35bso370168fac.3
        for <gcc-patches@gcc.gnu.org>; Sun, 17 Dec 2023 13:51:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1702849877; x=1703454677; darn=gcc.gnu.org;
        h=content-disposition:mime-version:subject:cc:to:from:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=eQpnf8bylhFo7q+8iIlAAcbLf+TEAdc9WqgwRyD6vsI=;
        b=Wy1XQdYc5VSvdluHfujvEOJoadXoq1Osg1Km6pc6VC40LBhvoLv2+TDWrYLLRROdBA
         4nO2WpxqHK9p5ZLH6CSoyh1HlwEHFtGG/IJUo9q6r9Rs3k75YKcdlrK3cr+Nk2vAVqVs
         +S+hVDJ2jrjkaqpzDFFB6NBkgsUn0Lw1dCbFh7z4+yG+umOr9FtJPE3UpH4TYczhBtfU
         j6Rq2ri9CEofun6VmUvkOfZcWwhpzVNXwg6n257zPkj4+KXPNFgKoOxKUt1hjPbLkzrE
         S8V52nSN5kHc8s1CfOuwy4EmMPgH+oclgJun8xTeYynzJqd20TwuYR/m+OjDQX8S9jiC
         hlZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1702849877; x=1703454677;
        h=content-disposition:mime-version:subject:cc:to:from:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=eQpnf8bylhFo7q+8iIlAAcbLf+TEAdc9WqgwRyD6vsI=;
        b=WBh6QfEANL+fkcDuOzibvxNtS48XoAAfz9BXgrgUolTkKo43UCQK7mg92luBYlqol4
         u2KkbaepSOS2LFLE1n29dL4cCwQTFSo6JtBigCObnYv0lh+MMwIfAZ4Raxp1OLbxbvBz
         o8J4z7u40zPi505ZfxayptJGYtcDHTcxW+YUNjktA51nGQhix/4bfO0SCJsfJ89WNgWl
         X3EtGOn8fsfZ44bj2v42Y0LjZJB+oKp37CdtYoTDihHCRWGrBwNL+DZhXWY2NBfuUAAI
         nfqV4Rq8Uuh19705GXEMA9NcZhtFhnR/35K1d8pQX8MD+6ZqU2dejo+CFsVahflgubF1
         NWLQ==
X-Gm-Message-State: AOJu0Yzc4FeYv3lK/ikTAYob4WUzeC70RDaIYyouqZ0DYuHW3I6s5jll
	nrnU9WDXKpN7FbsYqcHVhF2c7G1otlc=
X-Google-Smtp-Source: AGHT+IGTRz3K6YC1ig+HhXSBRPfFe7LO5SEWGD+/+dhStAuNdtOu9QxTxX3tRgyERuIXEUU2ND99OQ==
X-Received: by 2002:a05:6358:63a8:b0:172:da29:a8c3 with SMTP id k40-20020a05635863a800b00172da29a8c3mr1042810rwh.63.1702849877004;
        Sun, 17 Dec 2023 13:51:17 -0800 (PST)
Received: from Thaum. ([203.166.236.30])
        by smtp.gmail.com with ESMTPSA id mj13-20020a17090b368d00b0028b70755c73sm1401351pjb.41.2023.12.17.13.51.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 17 Dec 2023 13:51:16 -0800 (PST)
Message-ID: <657f6d54.170a0220.7e557.2d05@mx.google.com>
X-Google-Original-Message-ID: <ZX9tT4JzaZ5Agz5u@Thaum.>
Date: Mon, 18 Dec 2023 08:51:11 +1100
From: Nathaniel Shead <nathanieloshead@gmail.com>
To: gcc-patches@gcc.gnu.org
Cc: Jason Merrill <jason@redhat.com>
Subject: [PATCH] c++: Check null pointer deref when calling memfn in
 constexpr [PR102420]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

Bootstrapped and regtested on x86_64-pc-linux-gnu, OK for trunk?

An alternative approach for the lambda issue would be to modify
'maybe_add_lambda_conv_op' to not pass a null pointer, but I wasn't sure
what the best approach for that would be.

-- >8 --

Calling a non-static member function on a null pointer is undefined
behaviour (see [expr.ref] p8) and should error in constant evaluation,
even if the 'this' pointer is never actually accessed within that
function.

One catch is that currently, the function pointer conversion operator
for lambda passes a null pointer as the 'this' pointer to the underlying
'operator()', so for now we ignore such calls.

	PR c++/102420

gcc/cp/ChangeLog:

	* constexpr.cc (cxx_bind_parameters_in_call): Check for calling
	non-static member functions with a null pointer.

gcc/testsuite/ChangeLog:

	* g++.dg/cpp0x/constexpr-memfn2.C: New test.

Signed-off-by: Nathaniel Shead <nathanieloshead@gmail.com>
---
 gcc/cp/constexpr.cc                           | 17 +++++++++++++++++
 gcc/testsuite/g++.dg/cpp0x/constexpr-memfn2.C | 10 ++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 gcc/testsuite/g++.dg/cpp0x/constexpr-memfn2.C

diff --git a/gcc/cp/constexpr.cc b/gcc/cp/constexpr.cc
index 051f73fb73f..9c18538b302 100644
--- a/gcc/cp/constexpr.cc
+++ b/gcc/cp/constexpr.cc
@@ -1884,6 +1884,23 @@ cxx_bind_parameters_in_call (const constexpr_ctx *ctx, tree t, tree fun,
 	 TARGET_EXPR, and use its CONSTRUCTOR as the value of the parm.  */
       arg = cxx_eval_constant_expression (ctx, x, vc_prvalue,
 					  non_constant_p, overflow_p);
+      /* Check we aren't dereferencing a null pointer when calling a non-static
+	 member function, which is undefined behaviour.  */
+      if (i == 0 && DECL_NONSTATIC_MEMBER_FUNCTION_P (fun)
+	  && integer_zerop (arg)
+	  /* But ignore calls from within the lambda function pointer
+	     conversion thunk, since this currently passes a null pointer.  */
+	  && !(TREE_CODE (t) == CALL_EXPR
+	       && CALL_FROM_THUNK_P (t)
+	       && ctx->call
+	       && ctx->call->fundef
+	       && lambda_static_thunk_p (ctx->call->fundef->decl)))
+	{
+	  if (!ctx->quiet)
+	    error_at (cp_expr_loc_or_input_loc (x),
+		      "dereferencing a null pointer");
+	  *non_constant_p = true;
+	}
       /* Don't VERIFY_CONSTANT here.  */
       if (*non_constant_p && ctx->quiet)
 	break;
diff --git a/gcc/testsuite/g++.dg/cpp0x/constexpr-memfn2.C b/gcc/testsuite/g++.dg/cpp0x/constexpr-memfn2.C
new file mode 100644
index 00000000000..4749190a1f0
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp0x/constexpr-memfn2.C
@@ -0,0 +1,10 @@
+// PR c++/102420
+// { dg-do compile { target c++11 } }
+
+struct X {
+  constexpr int f() { return 0; }
+};
+constexpr int g(X* x) {
+    return x->f();  // { dg-error "dereferencing a null pointer" }
+}
+constexpr int t = g(nullptr);  // { dg-message "in .constexpr. expansion" }
-- 
2.42.0