On 5/26/2021 5:18 PM, Martin Sebor via Gcc-patches wrote:
While checking objects whose addresses are passed to functions declared to take const pointers and making sure they're initialized the GCC 11 -Wmaybe-uninitialized enhancement assumes that the actual argument is a pointer. That's normally a safe assumption because for nonpointer arguments the front ends add an explicit cast to the expected pointer type. This doesn't happen for arguments passed through the ellipsis in calls to variadic functions but those arguments aren't checked by the enhancement (yet).

But when an invalid call to a variadic function like sprintf is folded into one to strcpy() such as in the test case below this assumption breaks and causes an ICE in the uninit pass.

  void f (char *d, int i)
  {
    __builtin_sprintf (d, "%s", i);   // uninit sees strcpy (d, i)
  }

The attached patch solves this by a) avoiding the unsafe assumption in the uninit pass, and b) avoiding folding sprintf calls with invalid arguments of nonpointer types to strcpy.

Tested on x86_64-linux.

Martin

gcc-100732.diff

PR middle-end/100732 - ICE on sprintf %s with integer argument

gcc/ChangeLog:

	PR middle-end/100732
	* gimple-fold.c (gimple_fold_builtin_sprintf): Avoid folding calls
	with either source or destination argument of invalid type.
	* tree-ssa-uninit.c (maybe_warn_pass_by_reference): Avoid checking
	calls with arguments of invalid type.

gcc/testsuite/ChangeLog:

	PR middle-end/100732
	* gcc.dg/tree-ssa/builtin-snprintf-11.c: New test.
	* gcc.dg/tree-ssa/builtin-snprintf-12.c: New test.
	* gcc.dg/tree-ssa/builtin-sprintf-28.c: New test.
	* gcc.dg/tree-ssa/builtin-sprintf-29.c: New test.
	* gcc.dg/uninit-pr100732.c: New test.

OK

jeff