https://gcc.gnu.org/g:1779e22150b917e28e959623c819ef943fab02df
commit r15-526-g1779e22150b917e28e959623c819ef943fab02df Author: David Malcolm <dmalc...@redhat.com> Date: Wed May 15 18:40:56 2024 -0400 analyzer: fix ICE seen with -fsanitize=undefined [PR114899] gcc/analyzer/ChangeLog: PR analyzer/114899 * access-diagram.cc (written_svalue_spatial_item::get_label_string): Bulletproof against SSA_NAME_VAR being null. gcc/testsuite/ChangeLog: PR analyzer/114899 * c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c: New test. Signed-off-by: David Malcolm <dmalc...@redhat.com> Diff: --- gcc/analyzer/access-diagram.cc | 3 ++- .../analyzer/out-of-bounds-diagram-pr114899.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/gcc/analyzer/access-diagram.cc b/gcc/analyzer/access-diagram.cc
index 500480b68328..8d7461fe381d 100644
--- a/gcc/analyzer/access-diagram.cc
+++ b/gcc/analyzer/access-diagram.cc
@@ -1632,7 +1632,8 @@ protected:
 if (rep_tree)
 {
 if (TREE_CODE (rep_tree) == SSA_NAME)
- rep_tree = SSA_NAME_VAR (rep_tree);
+ if (tree var = SSA_NAME_VAR (rep_tree))
+ rep_tree = var;
 switch (TREE_CODE (rep_tree))
 {
 default:
diff --git a/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c b/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c
new file mode 100644
index 000000000000..14ba540d4ec2
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c
@@ -0,0 +1,15 @@
+/* Verify we don't ICE generating out-of-bounds diagram. */
+
+/* { dg-additional-options " -fsanitize=undefined -fdiagnostics-text-art-charset=unicode" } */
+
+int * a() {
+ int *b = (int *)__builtin_malloc(sizeof(int));
+ int *c = b - 1;
+ ++*c;
+ return b;
+}
+
+/* We don't care about the exact diagram, just that we don't ICE. */
+
+/* { dg-allow-blank-lines-in-output 1 } */
+/* { dg-prune-output ".*" } */
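Review bot: When `SSA_NAME_VAR (rep_tree)` is null, `rep_tree` now reaches `switch (TREE_CODE (rep_tree))` still as an SSA_NAME, and nothing at the new inner `if` says that this is intended or which arm is expected to handle it. The switch body past `default:` lies outside the hunk, so the resulting label text for that case cannot be confirmed from here. I would add a comment above the inner `if`, for example `/* SSA_NAME_VAR is NULL_TREE for anonymous SSA names; keep the SSA_NAME and let the switch below handle it.  */`. Bracing the outer `if` would also make the nested, else-less `if` pair harder to misread if an `else` is added later.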
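Review bot: The closing `dg-prune-output ".*"` discards every diagnostic, so this test passes as long as the compiler does not crash, even if the analyzer silently stops reporting the out-of-bounds access at `++*c;` (where `c` is `b - 1`, one element before the allocation). That fits the stated goal, but the gap is worth recording so nobody later counts this file as coverage for the warning. I would extend the existing comment, for example `/* This only checks for the ICE; it does not verify that the out-of-bounds access on ++*c is reported.  */`.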