[committed] analyzer: fix ICE on malloc/alloca param type mismatch [PR101143]

David Malcolm dmalcolm@redhat.com
Tue Jun 22 17:47:36 GMT 2021


Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r12-1731-gea4e32181d7a36055b57421abd0ced4735654cf6.

gcc/analyzer/ChangeLog:
	PR analyzer/101143
	* region-model.cc (compat_types_p): New function.
	(region_model::create_region_for_heap_alloc): Convert assertion to
	an error check.
	(region_model::create_region_for_alloca): Likewise.

gcc/testsuite/ChangeLog:
	PR analyzer/101143
	* gcc.dg/analyzer/pr101143.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model.cc             | 19 +++++++++++++++----
 gcc/testsuite/gcc.dg/analyzer/pr101143.c | 18 ++++++++++++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr101143.c

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 462fe6d8b3c..ee11e82bdf2 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1443,6 +1443,17 @@ assert_compat_types (tree src_type, tree dst_type)
     }
 }
 
+/* Return true if SRC_TYPE can be converted to DST_TYPE as a no-op.  */
+
+static bool
+compat_types_p (tree src_type, tree dst_type)
+{
+  if (src_type && dst_type && !VOID_TYPE_P (dst_type))
+    if (!(useless_type_conversion_p (src_type, dst_type)))
+      return false;
+  return true;
+}
+
 /* Get the region for PV within this region_model,
    emitting any diagnostics to CTXT.  */
 
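Review bot: The comment on `compat_types_p` describes only part of what the function returns: it also returns true when either type is NULL or when DST_TYPE is void, because the `useless_type_conversion_p` check is skipped in those cases. Both callers in this patch use the result to decide whether to record an allocation size, so that permissive default is worth stating, e.g. `/* Return true if SRC_TYPE can be converted to DST_TYPE as a no-op, or if either type is missing or DST_TYPE is void.  */`. The nested `if`s could also be collapsed into a single `return`. The condition appears to mirror the one in `assert_compat_types`, whose body starts outside this hunk, so sharing it would keep the two from drifting apart.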
@@ -3402,8 +3413,8 @@ const region *
 region_model::create_region_for_heap_alloc (const svalue *size_in_bytes)
 {
   const region *reg = m_mgr->create_region_for_heap_alloc ();
-  assert_compat_types (size_in_bytes->get_type (), size_type_node);
-  set_dynamic_extents (reg, size_in_bytes);
+  if (compat_types_p (size_in_bytes->get_type (), size_type_node))
+    set_dynamic_extents (reg, size_in_bytes);
   return reg;
 }
 
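Review bot: When `compat_types_p` returns false in `create_region_for_heap_alloc`, `set_dynamic_extents` is skipped with no comment or trace, so the returned heap region carries no recorded size. Any later check that relies on the dynamic extent presumably loses that information for this allocation. A short comment above the `if` would make the trade-off explicit, e.g. `/* Don't record the size if its type isn't compatible with size_t (e.g. a mismatching malloc decl); the region's extent is then unknown.  */`. The same applies to `create_region_for_alloca` in the next hunk. The ChangeLog calls this an "error check", but nothing is reported on the mismatch path, so the comment should say that the size is dropped silently.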
@@ -3414,8 +3425,8 @@ const region *
 region_model::create_region_for_alloca (const svalue *size_in_bytes)
 {
   const region *reg = m_mgr->create_region_for_alloca (m_current_frame);
-  assert_compat_types (size_in_bytes->get_type (), size_type_node);
-  set_dynamic_extents (reg, size_in_bytes);
+  if (compat_types_p (size_in_bytes->get_type (), size_type_node))
+    set_dynamic_extents (reg, size_in_bytes);
   return reg;
 }
 
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr101143.c b/gcc/testsuite/gcc.dg/analyzer/pr101143.c
new file mode 100644
index 00000000000..bcc0974d4e3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr101143.c
@@ -0,0 +1,18 @@
+/* { dg-additional-options "-Wno-builtin-declaration-mismatch" } */
+
+extern void *malloc (unsigned int);
+extern void *alloca (unsigned int);
+extern void unknown_fn (void *);
+
+void *
+test_malloc (void)
+{
+  return malloc (sizeof (int));
+}
+
+void *
+test_alloca (void)
+{
+  void *p = alloca (sizeof (int));
+  unknown_fn (p);
+}
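Review bot: `test_alloca` is declared to return `void *` but falls off the end without a `return`. The test only needs the `alloca` call to be analysed, so declaring it `void test_alloca (void)` would avoid depending on -Wreturn-type staying disabled. The file also has no comment saying what it checks; a first line such as `/* Verify that we don't ICE when malloc/alloca are declared with a non-size_t parameter.  */` would help. On targets where size_t is `unsigned int` the declarations presumably match the builtins and the mismatch path is not exercised, which that comment could mention.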
-- 
2.26.3


