From 61bfff562e3b6091d5a0a412a7d496bd523868a8 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Sat, 24 Apr 2021 19:49:31 -0400 Subject: analyzer: fix ICE on NULL change.m_expr [PR100244] PR analyzer/100244 reports an ICE on a -Wanalyzer-free-of-non-heap due to a case where free_of_non_heap::describe_state_change can be passed a NULL change.m_expr for a suitably complicated symbolic value. Bulletproof it by checking for change.m_expr being NULL before dereferencing it. gcc/analyzer/ChangeLog: PR analyzer/100244 * sm-malloc.cc (free_of_non_heap::describe_state_change): Bulletproof against change.m_expr being NULL. gcc/testsuite/ChangeLog: PR analyzer/100244 * g++.dg/analyzer/pr100244.C: New test. --- gcc/analyzer/sm-malloc.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gcc/analyzer/sm-malloc.cc') diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc index 1d5b860..f02b73a 100644 --- a/gcc/analyzer/sm-malloc.cc +++ b/gcc/analyzer/sm-malloc.cc @@ -1303,7 +1303,7 @@ public: { /* Attempt to reconstruct what kind of pointer it is. (It seems neater for this to be a part of the state, though). */ - if (TREE_CODE (change.m_expr) == SSA_NAME) + if (change.m_expr && TREE_CODE (change.m_expr) == SSA_NAME) { gimple *def_stmt = SSA_NAME_DEF_STMT (change.m_expr); if (gcall *call = dyn_cast (def_stmt)) -- cgit v1.1
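Review bot: the new guard in `if (change.m_expr && TREE_CODE (change.m_expr) == SSA_NAME)` makes the pointer-kind reconstruction silently do nothing when change.m_expr is NULL, but the comment directly above it ("Attempt to reconstruct what kind of pointer it is") still reads as if an expression is always available. Suggest extending that comment to state that change.m_expr can be NULL for a sufficiently complicated symbolic value, as the commit message describes, so a later reader does not remove the check as redundant. It is also worth confirming that the path taken when the condition is false still yields a sensible state-change description for the -Wanalyzer-free-of-non-heap diagnostic, and that the g++.dg/analyzer/pr100244.C test named in the ChangeLog covers that path. That test file is not visible here, since this view is limited to gcc/analyzer/sm-malloc.cc.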