diff mbox series

[committed] analyzer: avoid ICE with missing arguments (PR 93375)

Message ID 20200123163207.4940-1-dmalcolm@redhat.com
State New
Headers show
Series [committed] analyzer: avoid ICE with missing arguments (PR 93375) | expand

Commit Message

David Malcolm Jan. 23, 2020, 4:32 p.m. UTC 
PR analyzer/93375 reports an ICE under certain circumstances
involving a call where the number of arguments at the callsite
is less than the parameter count of the callee,

Specifically, the ICE occurs when pruning a checker_path for a
diagnostic, when attempting to maintain which expression is of
interest through such a call.

The root cause is an assumption that there were enough arguments at
the callsite, within callgraph_superedge's methods for mapping
expressions between callee and caller.

This patch adds checks for this to the relevant methods, fixing the ICE.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu;
pushed to master as r10-6182-g648796dab42b6e839f10fee5835f24cd2016a9f4.

gcc/analyzer/ChangeLog:
	PR analyzer/93375
	* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
	gracefully is the number of parameters at the callee exceeds the
	number of arguments at the call stmt.
	(callgraph_superedge::get_parm_for_arg): Likewise.

gcc/testsuite/ChangeLog:
	PR analyzer/93375
	* gcc.dg/analyzer/pr93375.c: New test.
---
 gcc/analyzer/supergraph.cc              | 14 ++++++++++----
 gcc/testsuite/gcc.dg/analyzer/pr93375.c | 15 +++++++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93375.c
diff mbox series

Patch

diff --git a/gcc/analyzer/supergraph.cc b/gcc/analyzer/supergraph.cc
index 4660239082a..a5bf52d8aca 100644
--- a/gcc/analyzer/supergraph.cc
+++ b/gcc/analyzer/supergraph.cc
@@ -879,16 +879,19 @@  callgraph_superedge::get_arg_for_parm (tree parm_to_find,
   gcc_assert  (TREE_CODE (parm_to_find) == PARM_DECL);
 
   tree callee = get_callee_decl ();
+  const gcall *call_stmt = get_call_stmt ();
 
-  int i = 0;
+  unsigned i = 0;
   for (tree iter_parm = DECL_ARGUMENTS (callee); iter_parm;
        iter_parm = DECL_CHAIN (iter_parm), ++i)
     {
+      if (i >= gimple_call_num_args (call_stmt))
+	return NULL_TREE;
       if (iter_parm == parm_to_find)
 	{
 	  if (out)
 	    *out = callsite_expr::from_zero_based_param (i);
-	  return gimple_call_arg (get_call_stmt (), i);
+	  return gimple_call_arg (call_stmt, i);
 	}
     }
 
@@ -906,12 +909,15 @@  callgraph_superedge::get_parm_for_arg (tree arg_to_find,
 				       callsite_expr *out) const
 {
   tree callee = get_callee_decl ();
+  const gcall *call_stmt = get_call_stmt ();
 
-  int i = 0;
+  unsigned i = 0;
   for (tree iter_parm = DECL_ARGUMENTS (callee); iter_parm;
        iter_parm = DECL_CHAIN (iter_parm), ++i)
     {
-      tree param = gimple_call_arg (get_call_stmt (), i);
+      if (i >= gimple_call_num_args (call_stmt))
+	return NULL_TREE;
+      tree param = gimple_call_arg (call_stmt, i);
       if (arg_to_find == param)
 	{
 	  if (out)
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93375.c b/gcc/testsuite/gcc.dg/analyzer/pr93375.c
new file mode 100644
index 00000000000..93a3e87f2cb
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr93375.c
@@ -0,0 +1,15 @@ 
+/* { dg-additional-options "-Wno-implicit-int" } */
+
+void
+en (jm)
+{
+}
+
+void
+p2 ()
+{
+  char *rl = 0;
+
+  en ();
+  __builtin_memcpy (rl, 0, sizeof (0)); /* { dg-warning "dereference of NULL" } */
+}