Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r11-7988-g7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.

gcc/analyzer/ChangeLog:
        PR analyzer/99906
        * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
        dereference on calls with zero arguments.
        * sm-malloc.cc (malloc_state_machine::on_stmt): When handling
        __attribute__((nonnull)), only call get_diagnostic_tree if the
        result will be used.

gcc/testsuite/ChangeLog:
        PR analyzer/99906
        * gcc.dg/analyzer/pr99906.c: New test.
---
 gcc/analyzer/analyzer.cc                | 2 +-
 gcc/analyzer/sm-malloc.cc               | 3 ++-
 gcc/testsuite/gcc.dg/analyzer/pr99906.c | 3 +++
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr99906.c

diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 2b4cffd08f5..12c03f6cfbd 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -148,7 +148,7 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
          }
        return build_call_array_loc (gimple_location (call_stmt),
                                     return_type, fn,
-                                    num_args, &args[0]);
+                                    num_args, args.address ());
       }
       break;
     }
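Review bot: The switch from `&args[0]` to `args.address ()` on the new line relies on address () yielding a usable (possibly null) pointer for an empty vec and on build_call_array_loc not touching the array when num_args is zero; the ChangeLog says this is the zero-argument NULL-dereference fix, but nothing in the hunk records that reasoning. A short comment above the call would stop a later reader from "simplifying" it back to the indexed form: `/* args may be empty for a zero-argument call; address () tolerates that, whereas &args[0] did not.  */`. maybe_reconstruct_from_def_stmt starts outside the hunk, so how args is declared and filled is not visible here.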
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index ae03b068a88..1d5b8601b1f 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1600,11 +1600,11 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
                  if (bitmap_empty_p (nonnull_args)
                      || bitmap_bit_p (nonnull_args, i))
                    {
-                     tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
                      state_t state = sm_ctxt->get_state (stmt, arg);
                      /* Can't use a switch as the states are non-const.  */
                      if (unchecked_p (state))
                        {
+                         tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
                          sm_ctxt->warn (node, stmt, arg,
                                         new possible_null_arg (*this, diag_arg,
                                                                callee_fndecl,
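Review bot: The `tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);` line is now duplicated verbatim in the unchecked_p branch here and in the m_null branch of the next hunk (+1616), which is the price of deferring the lookup until a warning is actually emitted; without a comment the duplication reads like copy-paste rather than intent. I'd add at each site `/* Defer get_diagnostic_tree until we know we'll warn (PR analyzer/99906).  */` so any further state branch added later follows the same pattern. The warn call and the enclosing on_stmt body continue outside the hunk.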
@@ -1616,6 +1616,7 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
                        }
                      else if (state == m_null)
                        {
+                         tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
                          sm_ctxt->warn (node, stmt, arg,
                                         new null_arg (*this, diag_arg,
                                                       callee_fndecl, i));
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr99906.c 
b/gcc/testsuite/gcc.dg/analyzer/pr99906.c
new file mode 100644
index 00000000000..bb399a3e2ff
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr99906.c
@@ -0,0 +1,3 @@
+void bar(void *) __attribute__((__nonnull__));
+void *baz(void);
+void foo(void) { bar(baz()); }
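Review bot: The new test has no leading comment and no dg- directives, so it documents itself as a must-not-crash reproducer only to readers who already know PR 99906. I'd open the file with `/* PR analyzer/99906: passing the result of a zero-argument call to a nonnull parameter used to crash the analyzer.  */`, where the failure mode is inferred from the ChangeLog rather than from the test itself. Whether the expected absence of a diagnostic should also be pinned with a dg-bogus directive is for the author to judge.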
-- 
2.26.2
