Inappropriate use of TYPE_POINTER_TO in c-typeck.c

Inappropriate use of TYPE_POINTER_TO in c-typeck.c

[Zack Weinberg]

One of our customers found a bug where, with their particular version
of the compiler, default_function_array_conversion gets applied to an
INDIRECT_REF of an ARRAY_TYPE whose element type has not yet had its
TYPE_POINTER_TO instantiated.  This in turn cause convert to be called
with first argument NULL, which of course crashes.

I cannot reproduce this problem with the mainline compiler, but it
appears that in most cases build_pointer_type should be used instead
of TYPE_POINTER_TO.  (build_pointer_type memoizes its result in
TYPE_POINTER_TO.)  T_P_T is only used directly by functions that are
duplicating trees or that are going to do something special if T_P_T
hasn't been instantiated yet.  Accordingly, as a defensive move, I'm
applying the patch below.  Bootstrapped i686-linux.

zw

        * c-typeck.c (default_function_array_conversion): Use
        build_pointer_type not TYPE_POINTER_TO.

===================================================================
Index: c-typeck.c
--- c-typeck.c	7 Jun 2004 18:49:32 -0000	1.311
+++ c-typeck.c	12 Jun 2004 06:01:07 -0000
@@ -1207,7 +1207,7 @@ default_function_array_conversion (tree 
 				    | (volatilep * TYPE_QUAL_VOLATILE));
 
       if (TREE_CODE (exp) == INDIRECT_REF)
-	return convert (TYPE_POINTER_TO (restype),
+	return convert (build_pointer_type (restype),
 			TREE_OPERAND (exp, 0));
 
       if (TREE_CODE (exp) == COMPOUND_EXPR)