re PR sanitizer/79572 (reference binding to null pointer not reported with -fsanitize=undefined)

	PR c++/79572
	* c-ubsan.h (ubsan_maybe_instrument_reference): Change argument to
	tree *.
	* c-ubsan.c (ubsan_maybe_instrument_reference): Likewise.  Handle
	not just NOP_EXPR to REFERENCE_TYPE, but also INTEGER_CST with
	REFERENCE_TYPE.

	* cp-gimplify.c (cp_genericize_r): Sanitize INTEGER_CSTs with
	REFERENCE_TYPE.  Adjust ubsan_maybe_instrument_reference caller
	for NOP_EXPR to REFERENCE_TYPE.

	* g++.dg/ubsan/null-8.C: New test.

From-SVN: r246621

1 files changed, 14 insertions, 1 deletions

diff --git a/gcc/cp/cp-gimplify.c b/gcc/cp/cp-gimplify.c
index 354ae1a..6e49daf 100644
--- a/gcc/cp/cp-gimplify.c
+++ b/gcc/cp/cp-gimplify.c
@@ -1130,6 +1130,19 @@ cp_genericize_r (tree *stmt_p, int *walk_subtrees, void *data)
 	}
     }
 
+  if (TREE_CODE (stmt) == INTEGER_CST
+      && TREE_CODE (TREE_TYPE (stmt)) == REFERENCE_TYPE
+      && (flag_sanitize & (SANITIZE_NULL | SANITIZE_ALIGNMENT))
+      && !wtd->no_sanitize_p)
+    {
+      ubsan_maybe_instrument_reference (stmt_p);
+      if (*stmt_p != stmt)
+	{
+	  *walk_subtrees = 0;
+	  return NULL_TREE;
+	}
+    }
+
   /* Other than invisiref parms, don't walk the same tree twice.  */
   if (p_set->contains (stmt))
     {
@@ -1477,7 +1490,7 @@ cp_genericize_r (tree *stmt_p, int *walk_subtrees, void *data)
       if ((flag_sanitize & (SANITIZE_NULL | SANITIZE_ALIGNMENT))
 	  && TREE_CODE (stmt) == NOP_EXPR
 	  && TREE_CODE (TREE_TYPE (stmt)) == REFERENCE_TYPE)
-	ubsan_maybe_instrument_reference (stmt);
+	ubsan_maybe_instrument_reference (stmt_p);
       else if (TREE_CODE (stmt) == CALL_EXPR)
 	{
 	  tree fn = CALL_EXPR_FN (stmt);