analyzer: fix ICE on cast to NULL type [PR104524]

gcc/analyzer/ChangeLog:
	PR analyzer/104524
	* region-model-manager.cc
	(region_model_manager::maybe_fold_sub_svalue): Only call
	get_or_create_cast if type is non-NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/104524
	* gcc.dg/analyzer/pr104524.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index d7156c5..917af22 100644 (file)
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -771,7 +771,7 @@ region_model_manager::maybe_fold_sub_svalue (tree type,
       if (unary->get_op () == NOP_EXPR
          || unary->get_op () == VIEW_CONVERT_EXPR)
        if (tree cst = unary->get_arg ()->maybe_get_constant ())
-         if (zerop (cst))
+         if (zerop (cst) && type)
            {
              const svalue *cst_sval
                = get_or_create_constant_svalue (cst);
@@ -786,7 +786,8 @@ region_model_manager::maybe_fold_sub_svalue (tree type,
        /* If we have a concrete 1-byte access within the parent region... */
        byte_range subregion_bytes (0, 0);
        if (subregion->get_relative_concrete_byte_range (&subregion_bytes)
-           && subregion_bytes.m_size_in_bytes == 1)
+           && subregion_bytes.m_size_in_bytes == 1
+           && type)
          {
            /* ...then attempt to get that char from the STRING_CST.  */
            HOST_WIDE_INT hwi_start_byte

diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104524.c b/gcc/testsuite/gcc.dg/analyzer/pr104524.c
new file mode 100644 (file)
index 0000000..875098c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr104524.c
@@ -0,0 +1,9 @@
+int src[1];
+
+int
+main (int c, char **a)
+{
+  __builtin_memcpy (*a, src, c);
+
+  return 0;
+}