analyzer: fix ICE with -Wanalyzer-null-dereference [PR 93950]
author David Malcolm <dmalcolm@redhat.com>
Wed, 26 Feb 2020 21:32:16 +0000 (16:32 -0500)
committer David Malcolm <dmalcolm@redhat.com>
Thu, 27 Feb 2020 02:05:43 +0000 (21:05 -0500)
commit 71b633aaea3aac2d983da7b1b99da8c9a8c80d1a
tree e484d6136446da15527183412fc23ab35b0b8e03
parent 0ba70d1b5ae8df6406a880b2d23e4710b393e8c9
analyzer: fix ICE with -Wanalyzer-null-dereference [PR 93950]

PR analyzer/93950 reports an ICE when pruning the path of a
-Wanalyzer-null-dereference diagnostic.

The root cause is a bug in the state-tracking code, in which the
variable of interest is tracked from the callee to a "nullptr" param
at the caller, whereupon we have an INTEGER_CST "variable", and
the attempt to look up its lvalue fails.

This code could use a rewrite; in the meantime this patch extends
the bulletproofing from g:8525d1f5f57b11fe04a97674cc2fc2b7727621d0
for PR analyzer/93544 to all of the various places where var can
be updated, fixing the ICE.

gcc/analyzer/ChangeLog:
PR analyzer/93950
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
either NULL or not a constant.  When updating var, bulletproof
against constant values.

gcc/testsuite/ChangeLog:
PR analyzer/93950
* g++.dg/analyzer/pr93950.C: New test.

gcc/analyzer/ChangeLog
gcc/analyzer/diagnostic-manager.cc
gcc/testsuite/ChangeLog
gcc/testsuite/g++.dg/analyzer/pr93950.C [new file with mode: 0644]