In case we're dealing with (*)[N] types, we should strip the
ARRAY_TYPEs prior to getting the type name. Otherwise we segv, since
the DECL_NAME is NULL.
Regtested on x86_64-linux, ok for trunk?
2014-01-07 Marek Polacek <pola...@redhat.com>
PR sanitizer/59667
* ubsan.c (ubsan_type_descriptor): Call strip_array_types on type2.
testsuite/
* c-c++-common/ubsan/pr59667.c: New test.
--- gcc/ubsan.c.mp 2014-01-07 14:37:46.782944043 +0100
+++ gcc/ubsan.c 2014-01-07 14:37:53.740972042 +0100
@@ -311,6 +311,9 @@ ubsan_type_descriptor (tree type, bool w
type2 = TYPE_METHOD_BASETYPE (type2);
}
+ /* If an array, get its type. */
+ type2 = strip_array_types (type2);
+
if (TYPE_NAME (type2) != NULL)
{
if (TREE_CODE (TYPE_NAME (type2)) == IDENTIFIER_NODE)
--- gcc/testsuite/c-c++-common/ubsan/pr59667.c.mp 2014-01-07
14:50:39.956271370 +0100
+++ gcc/testsuite/c-c++-common/ubsan/pr59667.c 2014-01-07 14:44:10.244545879
+0100
@@ -0,0 +1,15 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=undefined" } */
+/* { dg-shouldfail "ubsan" } */
+/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */
+
+int
+main (void)
+{
+ unsigned int len = 1;
+ float (*P)[len][len] = 0;
+ (*P)[0][0] = 1;
+ return 0;
+}
+
+/* { dg-output "store to null pointer of type 'float'(\n|\r\n|\r)" } */
Marek
