analyzer: fix ICE due to NULL type [PR96639]

gcc/analyzer/ChangeLog:
	PR analyzer/96639
	* region.cc (region::get_subregions_for_binding): Check for "type"
	being NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/96639
	* gcc.dg/analyzer/pr96639.c: New test.

diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc
index afe416b..eab1f27 100644 (file)
--- a/gcc/analyzer/region.cc
+++ b/gcc/analyzer/region.cc
@@ -256,7 +256,7 @@ region::get_subregions_for_binding (region_model_manager *mgr,
                                    tree type,
                                    auto_vec <const region *> *out) const
 {
-  if (get_type () == NULL_TREE)
+  if (get_type () == NULL_TREE || type == NULL_TREE)
     return;
   if (relative_bit_offset == 0
       && types_compatible_p (get_type (), type))

diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96639.c b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
new file mode 100644 (file)
index 0000000..02ca3f0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
@@ -0,0 +1,10 @@
+void *calloc (__SIZE_TYPE__, __SIZE_TYPE__);
+
+int
+x7 (void)
+{
+  int **md = calloc (1, 1);
+
+  return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
+  /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+}