author | David Malcolm <dmalcolm@redhat.com> | 2021-08-23 14:09:44 -0400 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2021-08-23 14:09:44 -0400 |
commit | 4b821c7efbe12cfbb129a88541108b39058da526 (patch) | |
tree | 1b3dd4dccc4e697896cabb6d0c3170e14c0b67fb | |
parent | e82e0f149b0aba660896ea9aa12c442c07a16d12 (diff) | |
analyzer: fix ICE when failing to reconstruct a fn ptr [PR101837]
gcc/analyzer/ChangeLog:
PR analyzer/101837
* analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is
NULL, and assert that it's non-NULL before passing it to
build_call_array_loc.
gcc/testsuite/ChangeLog:
PR analyzer/101837
* gcc.dg/analyzer/pr101837.c: New test.
-rw-r--r-- | gcc/analyzer/analyzer.cc | 3 | ||||
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/pr101837.c | 10 |
2 files changed, 13 insertions, 0 deletions
diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 557887724e8..f6e9c9d66d2 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -145,6 +145,8 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
 tree return_type = gimple_call_return_type (call_stmt);
 tree fn = fixup_tree_for_diagnostic_1 (gimple_call_fn (call_stmt),
 visited);
+ if (fn == NULL_TREE)
+ return NULL_TREE;
 unsigned num_args = gimple_call_num_args (call_stmt);
 auto_vec<tree> args (num_args);
 for (unsigned i = 0; i < num_args; i++)
@@ -155,6 +157,7 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
 return NULL_TREE;
 args.quick_push (arg);
 }
+ gcc_assert (fn);
 return build_call_array_loc (gimple_location (call_stmt),
 return_type,
 fn, num_args, args.address ());
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101837.c b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
new file mode 100644
index 00000000000..f99374df604
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
@@ -0,0 +1,10 @@
+/* { dg-additional-options "-O3 -fsanitize=undefined" } */
+
+void memory_exhausted();
+void memcheck(void *ptr) {
+ if (ptr) /* { dg-warning "leak" } */
+ memory_exhausted();
+}
+
+int emalloc(int size) { memcheck(__builtin_malloc(size)); } /* { dg-message "allocated here" } */
+int main() { int max_envvar_len = emalloc(max_envvar_len + 1); } /* { dg-message "use of uninitialized value 'max_envvar_len'" } */ |
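Review bot: The new `if (fn == NULL_TREE) return NULL_TREE;` guard in the first analyzer.cc hunk carries no comment saying why the callee can come back null, which is the whole reason for the change. Going by the commit title, this happens when fixup_tree_for_diagnostic_1 cannot reconstruct a function pointer. A short comment such as `/* The callee could not be reconstructed; give up on this def-stmt.  */` would stop a later cleanup from treating the check as dead code. maybe_reconstruct_from_def_stmt starts and ends outside the hunk.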
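Review bot: `gcc_assert (fn);` in the second analyzer.cc hunk should not be read as the runtime guard against the crash. In GCC builds without ENABLE_ASSERT_CHECKING, gcc_assert becomes an unreachable hint rather than an abort, so the early return added in the first hunk is what actually keeps a null callee away from build_call_array_loc. The lines between the two hunks are not shown, so I can only assume fn is not reassigned in the argument loop. If that holds, the assert just documents the invariant and deserves a comment saying so, for example `/* fn was checked for NULL_TREE above.  */`.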
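Review bot: pr101837.c has no comment stating that its purpose is to check the analyzer no longer crashes; a reader sees only three diagnostics being matched. The `dg-warning "leak"` and the two `dg-message` directives pin output that looks incidental to the ICE. The file is presumably a reduced reproducer, since `emalloc` and `main` fall off the end without returning a value. A wording change in those diagnostics would therefore fail this test for an unrelated reason. A header line such as `/* PR analyzer/101837: verify that we don't ICE when the callee cannot be reconstructed.  */` would make the intent explicit.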