[PATCH] Fix -fsanitize=object-size expansion (PR sanitizer/65367)

Marek Polacek polacek@redhat.com
Tue Mar 10 15:47:00 GMT 2015


This PR exposes a bug where we weren't properly updating gsi in case of just
removing the unnecessary UBSAN_OBJECT_SIZE call.  In such a case we need to
remove the statement using the gsi passed down to ubsan_expand_objsize_ifn,
not with a copy of it, because we rely on gsi_remove to update the iterator.

Bootstrapped/regtested on x86_64-linux, applying to trunk.

2015-03-10  Marek Polacek  <polacek@redhat.com>
	    Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/65367
	* ubsan.c (ubsan_expand_objsize_ifn): Update GSI instead of GSI_ORIG
	when only removing the statement.  Handle expanding UBSAN_OBJECT_SIZE
	separately.

	* c-c++-common/ubsan/pr65367.c: New test.

diff --git gcc/testsuite/c-c++-common/ubsan/pr65367.c gcc/testsuite/c-c++-common/ubsan/pr65367.c
index e69de29..730f5bf 100644
--- gcc/testsuite/c-c++-common/ubsan/pr65367.c
+++ gcc/testsuite/c-c++-common/ubsan/pr65367.c
@@ -0,0 +1,9 @@
+/* PR sanitizer/65367 */
+/* { dg-do compile } */
+/* { dg-options "-fno-tree-ccp -fno-tree-copy-prop -fno-tree-dominator-opts -fno-tree-fre -fsanitize=object-size" } */
+
+int
+foo (char *p)
+{
+  return *((const char *) "") - *p;
+}
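Review bot: the four -fno-tree-* options on the dg-options line are load-bearing but unexplained; a short comment stating that they are needed to reproduce PR sanitizer/65367 (i.e. to keep the UBSAN_OBJECT_SIZE call from being optimized away before the ubsan expansion runs) would stop a later cleanup from trimming them. Note also that with `dg-do compile` the test only verifies that the compiler no longer fails on this input; it does not exercise the object-size check at runtime, which is fine for an ICE regression test but worth keeping in mind when reading the test's coverage.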
diff --git gcc/ubsan.c gcc/ubsan.c
index 38d98cf..98edfe0 100644
--- gcc/ubsan.c
+++ gcc/ubsan.c
@@ -1022,11 +1022,16 @@ ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
 
       /* Point GSI to next logical statement.  */
       *gsi = gsi_start_bb (fallthru_bb);
+
+      /* Get rid of the UBSAN_OBJECT_SIZE call from the IR.  */
+      unlink_stmt_vdef (stmt);
+      gsi_remove (&gsi_orig, true);
+      return true;
     }
 
   /* Get rid of the UBSAN_OBJECT_SIZE call from the IR.  */
   unlink_stmt_vdef (stmt);
-  gsi_remove (&gsi_orig, true);
+  gsi_remove (gsi, true);
   return true;
 }
 
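Review bot: the new early-return block inside the `if` duplicates the three lines that follow it (`unlink_stmt_vdef (stmt);`, `gsi_remove (..., true);`, `return true;`), differing only in `&gsi_orig` versus `gsi`. Since that difference is the whole fix (after `*gsi = gsi_start_bb (fallthru_bb);` the original iterator must be used because `gsi` has been repointed, whereas in the removal-only path the caller's `gsi` has to be passed so `gsi_remove` updates it), consider making the two identical "Get rid of the UBSAN_OBJECT_SIZE call from the IR." comments say which iterator is removed through and why; otherwise a later refactor could plausibly merge the two paths and reintroduce the bug.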

	Marek
