@@ -1632,7 +1632,8 @@ protected:
if (rep_tree)
{
if (TREE_CODE (rep_tree) == SSA_NAME)
- rep_tree = SSA_NAME_VAR (rep_tree);
+ if (tree var = SSA_NAME_VAR (rep_tree))
+ rep_tree = var;
switch (TREE_CODE (rep_tree))
{
default:
new file mode 100644
@@ -0,0 +1,15 @@
+/* Verify we don't ICE generating out-of-bounds diagram. */
+
+/* { dg-additional-options " -fsanitize=undefined -fdiagnostics-text-art-charset=unicode" } */
+
+int * a() {
+ int *b = (int *)__builtin_malloc(sizeof(int));
+ int *c = b - 1;
+ ++*c;
+ return b;
+}
+
+/* We don't care about the exact diagram, just that we don't ICE. */
+
+/* { dg-allow-blank-lines-in-output 1 } */
+/* { dg-prune-output ".*" } */
Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r15-526-g1779e22150b917. gcc/analyzer/ChangeLog: PR analyzer/114899 * access-diagram.cc (written_svalue_spatial_item::get_label_string): Bulletproof against SSA_NAME_VAR being null. gcc/testsuite/ChangeLog: PR analyzer/114899 * c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com> --- gcc/analyzer/access-diagram.cc | 3 ++- .../analyzer/out-of-bounds-diagram-pr114899.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/c-c++-common/analyzer/out-of-bounds-diagram-pr114899.c