ipa/102762 - fix ICE with invalid __builtin_va_arg_pack () use

We have to be careful to not break the argument space calculation.
If there's not enough arguments just do not append any.

2021-10-15  Richard Biener  <rguenther@suse.de>

	PR ipa/102762
	* tree-inline.c (copy_bb): Avoid underflowing nargs.

	* gcc.dg/torture/pr102762.c: New testcase.

(cherry picked from commit 11a4714860d2df6ba496d55379e7dc702d5fc425)

diff --git a/gcc/testsuite/gcc.dg/torture/pr102762.c b/gcc/testsuite/gcc.dg/torture/pr102762.c
new file mode 100644 (file)
index 0000000..67c6b00
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr102762.c
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* We fail to diagnose the invalid __builtin_va_arg_pack use with -flto.  */
+/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */
+
+void log_bad_request();
+void foo(a, b)
+     int a, b;
+{
+  log_bad_request(0, __builtin_va_arg_pack());  /* { dg-error "invalid use" } */
+  foo(0);
+}

diff --git a/gcc/tree-inline.c b/gcc/tree-inline.c
index a24b10d04b81deeea611bb5a8c8c9c013cd7100d..6e0c16bc355efa9a8c4460267ec6d9b41144f669 100644 (file)
--- a/gcc/tree-inline.c
+++ b/gcc/tree-inline.c
@@ -2097,7 +2097,13 @@ copy_bb (copy_body_data *id, basic_block bb,
              size_t nargs = nargs_caller;
 
              for (p = DECL_ARGUMENTS (id->src_fn); p; p = DECL_CHAIN (p))
-               nargs--;
+               {
+                 /* Avoid crashing on invalid IL that doesn't have a
+                    varargs function or that passes not enough arguments.  */
+                 if (nargs == 0)
+                   break;
+                 nargs--;
+               }
 
              /* Create the new array of arguments.  */
              size_t nargs_callee = gimple_call_num_args (call_stmt);