From 7d8f4240c94e2e7643ac13cda1fdd0bb6ca3a3fb Mon Sep 17 00:00:00 2001
From: David Malcolm
Date: Mon, 5 Apr 2021 10:51:46 -0400
Subject: analyzer: fix ICE on zero-arg calls passed to __attribute__((nonnull)) [PR 99906]

gcc/analyzer/ChangeLog:
PR analyzer/99906
* analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL dereference on calls with zero arguments.
* sm-malloc.cc (malloc_state_machine::on_stmt): When handling __attribute__((nonnull)), only call get_diagnostic_tree if the result will be used.

gcc/testsuite/ChangeLog:
PR analyzer/99906
* gcc.dg/analyzer/pr99906.c: New test.
---
 gcc/analyzer/sm-malloc.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'gcc/analyzer/sm-malloc.cc')

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index ae03b06..1d5b860 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -1600,11 +1600,11 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
 if (bitmap_empty_p (nonnull_args)
 || bitmap_bit_p (nonnull_args, i))
 {
- tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 state_t state = sm_ctxt->get_state (stmt, arg);
 /* Can't use a switch as the states are non-const. */
 if (unchecked_p (state))
 {
+ tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 sm_ctxt->warn (node, stmt, arg,
 new possible_null_arg (*this, diag_arg,
 callee_fndecl,
@@ -1616,6 +1616,7 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
 }
 else if (state == m_null)
 {
+ tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);
 sm_ctxt->warn (node, stmt, arg,
 new null_arg (*this, diag_arg,
 callee_fndecl, i));
--
cgit v1.1
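Review bot: The two added `tree diag_arg = sm_ctxt->get_diagnostic_tree (arg);` declarations (in the `unchecked_p (state)` branch and, in the second hunk, the `state == m_null` branch) carry no comment saying why the lookup is deferred. A later cleanup could hoist the duplicated line back above `get_state` and again run tree reconstruction for every pointer argument of a nonnull callee, including ones that never produce a warning. I would add `/* Only reconstruct a diagnostic tree when about to warn; see PR analyzer/99906.  */` above the first declaration. Per the ChangeLog, the NULL dereference itself is fixed in analyzer.cc, which is not shown on this page, so this file's change appears to reduce exposure to the crashing path rather than remove it. on_stmt's body starts and ends outside both hunks.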