[Bug middle-end/78629] vec.h: null pointer passed as argument 1, which is declared to never be null

rguenth at gcc dot gnu.org Thu, 01 Dec 2016 01:40:27 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78629


--- Comment #2 from Richard Biener <rguenth at gcc dot gnu.org> ---
Ah, it's for the case of len == 0, but that is explicitely allowed:

template<typename T>
inline void
vec<T, va_heap, vl_ptr>::safe_grow (unsigned len MEM_STAT_DECL)
{
  unsigned oldlen = length ();
  gcc_checking_assert (oldlen <= len);
  reserve_exact (len - oldlen PASS_MEM_STAT);
  if (m_vec)
    m_vec->quick_grow (len);
  else
    gcc_checking_assert (len == 0);
}

so I think the bug is in

template<typename T>
inline void
vec<T, va_heap, vl_ptr>::safe_grow_cleared (unsigned len MEM_STAT_DECL)
{
  unsigned oldlen = length ();
  safe_grow (len PASS_MEM_STAT);
  memset (&(address ()[oldlen]), 0, sizeof (T) * (len - oldlen));
}

instead which should simply conditionalize the memset on len != 0
(OTOH the undefinedness is on the borderline...).  Same for quick_grow_cleared
I suppose.  So

  size_t sz = sizeof (T) * (len - oldlen);
  if (sz != 0)
    memset (...);

[Bug middle-end/78629] vec.h: null pointer passed as argument 1, which is declared to never be null

Reply via email to