analyzer: fix ICE on zero-arg calls passed to __attribute__((nonnull)) [PR 99906]

gcc/analyzer/ChangeLog: PR analyzer/99906 * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL dereference on calls with zero arguments. * sm-malloc.cc (malloc_state_machine::on_stmt): When handling __attribute__((nonnull)), only call get_diagnostic_tree if the result will be used. gcc/testsuite/ChangeLog: PR analyzer/99906 * gcc.dg/analyzer/pr99906.c: New test.
author: David Malcolm <dmalcolm@redhat.com> 2021-04-05 10:51:46 -0400
committer: David Malcolm <dmalcolm@redhat.com> 2021-04-05 10:51:46 -0400
commit: 7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb (patch)
tree: 677b9b95da3c33c922a3c26ddfba0c2e2e131ebd /gcc
parent: 69b66ff02353a87585329bb3cf4ac20d6dee1b16 (diff)
download: gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.zip
gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.tar.gz
gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.tar.bz2
3 files changed, 6 insertions, 2 deletions
diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 2b4cffd..12c03f6 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -148,7 +148,7 @@ maybe_reconstruct_from_def_stmt (tree ssa_name,
 	  }
 	return build_call_array_loc (gimple_location (call_stmt),
 				     return_type, fn,
-				     num_args, &args[0]);
+				     num_args, args.address ());
       }
       break;
     }
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index ae03b06..1d5b860 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1600,11 +1600,11 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
 		  if (bitmap_empty_p (nonnull_args)
 		      || bitmap_bit_p (nonnull_args, i))
 		    {
-		      tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 		      state_t state = sm_ctxt->get_state (stmt, arg);
 		      /* Can't use a switch as the states are non-const.  */
 		      if (unchecked_p (state))
 			{
+			  tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 			  sm_ctxt->warn (node, stmt, arg,
 					 new possible_null_arg (*this, diag_arg,
 								callee_fndecl,
@@ -1616,6 +1616,7 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
 			}
 		      else if (state == m_null)
 			{
+			  tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 			  sm_ctxt->warn (node, stmt, arg,
 					 new null_arg (*this, diag_arg,
 						       callee_fndecl, i));
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr99906.c b/gcc/testsuite/gcc.dg/analyzer/pr99906.c
new file mode 100644
index 0000000..bb399a3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr99906.c
@@ -0,0 +1,3 @@
+void bar(void *) __attribute__((__nonnull__));
+void *baz(void);
+void foo(void) { bar(baz()); }
author	David Malcolm <dmalcolm@redhat.com>	2021-04-05 10:51:46 -0400
committer	David Malcolm <dmalcolm@redhat.com>	2021-04-05 10:51:46 -0400
commit	7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb (patch)
tree	677b9b95da3c33c922a3c26ddfba0c2e2e131ebd /gcc
parent	69b66ff02353a87585329bb3cf4ac20d6dee1b16 (diff)
download	gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.zip gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.tar.gz gcc-7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb.tar.bz2