16 Regression] ICE: SIGSEGV in ana::region_model::scan_for_null_terminator (region-model.cc:4863) with -O -fanalyzer -fdump-analyzer -frounding-math

cvs-commit at gcc dot gnu.org via Gcc-bugs Wed, 11 Feb 2026 05:53:47 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124055


--- Comment #1 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <[email protected]>:

https://gcc.gnu.org/g:a815fdb2052fbca8854b1fddcd0db316a66020ae

commit r16-7459-ga815fdb2052fbca8854b1fddcd0db316a66020ae
Author: David Malcolm <[email protected]>
Date:   Wed Feb 11 08:51:16 2026 -0500

    analyzer: fix uninit in null-termination checking [PR124055]

    gcc/analyzer/ChangeLog:
            PR analyzer/124055
            * kf.cc (kf_strcpy::impl_call_pre): Ensure bytes_to_copy is
            initialized.  Assert that it was written to with non-null if
            check_for_null_terminated_string_arg returns non-null.
            * region-model.cc (region_model::scan_for_null_terminator):
            Initialize *out_sval, and assert it is written to when
            returning non-null.
            (region_model::check_for_null_terminated_string_arg): Assert
            that scan_for_null_terminator wrote to *out_sval if it
            returns non-null.

    gcc/testsuite/ChangeLog:
            PR analyzer/124055
            * gcc.dg/analyzer/ice-pr124055-1.c: New test.
            * gcc.dg/analyzer/ice-pr124055-2.c: New test.

    Signed-off-by: David Malcolm <[email protected]>

[Bug analyzer/124055] [14/15/16 Regression] ICE: SIGSEGV in ana::region_model::scan_for_null_terminator (region-model.cc:4863) with -O -fanalyzer -fdump-analyzer -frounding-math

Reply via email to