Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as commit r12-3095-g4b821c7efbe12cfbb129a88541108b39058da526.

gcc/analyzer/ChangeLog:
        PR analyzer/101837
        * analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is
        NULL, and assert that it's non-NULL before passing it to
        build_call_array_loc.

gcc/testsuite/ChangeLog:
        PR analyzer/101837
        * gcc.dg/analyzer/pr101837.c: New test.
---
 gcc/analyzer/analyzer.cc                 |  3 +++
 gcc/testsuite/gcc.dg/analyzer/pr101837.c | 10 ++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr101837.c

diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 557887724e8..f6e9c9d66d2 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -145,6 +145,8 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
        tree return_type = gimple_call_return_type (call_stmt);
        tree fn = fixup_tree_for_diagnostic_1 (gimple_call_fn (call_stmt),
                                               visited);
+       if (fn == NULL_TREE)
+         return NULL_TREE;
        unsigned num_args = gimple_call_num_args (call_stmt);
        auto_vec<tree> args (num_args);
        for (unsigned i = 0; i < num_args; i++)
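Review bot: The new `if (fn == NULL_TREE) return NULL_TREE;` carries no comment saying when `fn` can be null at this point. Either `gimple_call_fn` had no function tree for this call or `fixup_tree_for_diagnostic_1` gave up on it. The test's `-fsanitize=undefined` option suggests sanitizer-inserted calls are the trigger, but that is inferred from the test rather than shown in this hunk. A one-line comment such as `/* FN can be NULL if the callee could not be reconstructed; give up rather than build a call on a null fn.  */` would keep the guard from later being removed as dead code. The body of maybe_reconstruct_from_def_stmt starts and ends outside this hunk.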
@@ -155,6 +157,7 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
              return NULL_TREE;
            args.quick_push (arg);
          }
+       gcc_assert (fn);
        return build_call_array_loc (gimple_location (call_stmt),
                                     return_type, fn,
                                     num_args, args.address ());
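Review bot: `gcc_assert (fn);` restates the early return added in the previous hunk, and nothing in the visible lines reassigns `fn` in between, although the first lines of the argument loop fall between the two hunks and are not shown. If the assert is kept as a statement of the callee's precondition, say so beside it, e.g. `/* build_call_array_loc requires a non-NULL FN.  */`. Otherwise the early return alone is enough. The enclosing function continues past the end of this hunk.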
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101837.c 
b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
new file mode 100644
index 00000000000..f99374df604
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101837.c
@@ -0,0 +1,10 @@
+/* { dg-additional-options "-O3 -fsanitize=undefined" } */
+
+void memory_exhausted();
+void memcheck(void *ptr) {
+  if (ptr) /* { dg-warning "leak" } */
+    memory_exhausted();
+}
+
+int emalloc(int size) { memcheck(__builtin_malloc(size)); } /* { dg-message 
"allocated here" } */
+int main() { int max_envvar_len = emalloc(max_envvar_len + 1); } /* { 
dg-message "use of uninitialized value 'max_envvar_len'" } */
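Review bot: The new test has no comment tying it to the regression it guards. Its dg directives check the leak and uninitialized-value diagnostics, while the ChangeLog describes the fix as handling a null `fn` in maybe_reconstruct_from_def_stmt. A header line such as `/* PR analyzer/101837: NULL fn in maybe_reconstruct_from_def_stmt.  */` would record that link. The missing return in `emalloc` and the self-initialised `max_envvar_len` look like deliberate leftovers of testcase reduction; a short remark saying so would stop a later cleanup from removing the conditions the test depends on.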
-- 
2.26.3
