author | David Malcolm <dmalcolm@redhat.com> | 2020-08-14 10:48:30 -0400 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2020-08-14 16:56:28 -0400 |
commit | ee88b536069db8f870c444c441182a9c76ec5bba (patch) | |
tree | 437fb885cb40faf78632bd8965ab2141497c9c40 /gcc/analyzer | |
parent | 7e625038623df83b341a509ecd9c6a85f7837ecf (diff) | |

analyzer: fix ICE on escaped unknown pointers [PR96611]

PR analyzer/96611 reports an ICE within the handling for unknown
functions, when passing a pointer to something accessed via a
global pointer, after an unknown function has already been called.

The first unknown function leads to the store being flagged, so
the access to the global pointer leads to (*unknown_svalue) for
the base region of the argument to the 2nd function, and thus
*unknown_svalue being reachable by the 2nd unknown function,
triggering an assertion failure.

Handle this case by rejecting attempts to get a cluster for
the unknown pointer, fixing the ICE.

gcc/analyzer/ChangeLog:
PR analyzer/96611
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.

gcc/testsuite/ChangeLog:
PR analyzer/96611
* gcc.dg/analyzer/pr96611.c: New test.

Diffstat (limited to 'gcc/analyzer')
-rw-r--r-- | gcc/analyzer/store.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc index 5fef27c..950a778 100644 --- a/gcc/analyzer/store.cc +++ b/gcc/analyzer/store.cc @@ -1691,6 +1691,9 @@ store::mark_as_escaped (const region *base_reg) gcc_assert (base_reg); gcc_assert (base_reg->get_base_region () == base_reg); + if (base_reg->symbolic_for_unknown_ptr_p ()) + return; + binding_cluster *cluster = get_or_create_cluster (base_reg); cluster->mark_as_escaped (); } |
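
Review bot: the early return added in store::mark_as_escaped, just before the call to get_or_create_cluster, has no comment explaining why a base region for which `symbolic_for_unknown_ptr_p ()` holds is silently skipped. A reader of store.cc alone cannot tell that this is deliberate rather than a dropped escape. Suggest a one-line comment above the `if` saying that no cluster is created for the region reached through an unknown pointer, with a reference to PR96611. Separately, the guard sits in this one caller rather than in get_or_create_cluster itself, so any other path that requests a cluster for such a region is not covered by it. It is worth confirming whether the check belongs in the callee, or noting in the comment why mark_as_escaped is the only place that needs it.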