Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Successful run of analyzer integration tests on x86_64-pc-linux-gnu.
Pushed to trunk as r16-7459-ga815fdb2052fbc.
gcc/analyzer/ChangeLog:
PR analyzer/124055
* kf.cc (kf_strcpy::impl_call_pre): Ensure bytes_to_copy is
initialized. Assert that it was written to with non-null if
check_for_null_terminated_string_arg returns non-null.
* region-model.cc (region_model::scan_for_null_terminator):
Initialize *out_sval, and assert it is written to when
returning non-null.
(region_model::check_for_null_terminated_string_arg): Assert
that scan_for_null_terminator wrote to *out_sval if it
returns non-null.
gcc/testsuite/ChangeLog:
PR analyzer/124055
* gcc.dg/analyzer/ice-pr124055-1.c: New test.
* gcc.dg/analyzer/ice-pr124055-2.c: New test.
Signed-off-by: David Malcolm <[email protected]>
---
gcc/analyzer/kf.cc | 3 ++-
gcc/analyzer/region-model.cc | 6 ++++++
gcc/testsuite/gcc.dg/analyzer/ice-pr124055-1.c | 15 +++++++++++++++
gcc/testsuite/gcc.dg/analyzer/ice-pr124055-2.c | 15 +++++++++++++++
4 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/gcc.dg/analyzer/ice-pr124055-1.c
create mode 100644 gcc/testsuite/gcc.dg/analyzer/ice-pr124055-2.c
diff --git a/gcc/analyzer/kf.cc b/gcc/analyzer/kf.cc
index 5fb86014746ea..b6b4f8f93acbc 100644
--- a/gcc/analyzer/kf.cc
+++ b/gcc/analyzer/kf.cc
@@ -1399,10 +1399,11 @@ kf_strcpy::impl_call_pre (const call_details &cd) const
/* strcpy returns the initial param. */
cd.maybe_set_lhs (dest_sval);
- const svalue *bytes_to_copy;
+ const svalue *bytes_to_copy = nullptr;
if (const svalue *num_bytes_read_sval
= cd.check_for_null_terminated_string_arg (1, true, &bytes_to_copy))
{
+ gcc_assert (bytes_to_copy);
cd.complain_about_overlap (0, 1, num_bytes_read_sval);
model->write_bytes (dest_reg, num_bytes_read_sval, bytes_to_copy, ctxt);
}
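Review bot: The new `gcc_assert (bytes_to_copy)` inside the `if` states an invariant of `check_for_null_terminated_string_arg` that nothing nearby explains, so a later reader cannot tell why a null here is impossible rather than merely unexpected; a one-line comment above the assert would carry that, e.g. `/* PR analyzer/124055: a non-null result guarantees that *out_sval was written.  */`. The same bare assert is added in the `region_model::check_for_null_terminated_string_arg` hunk in region-model.cc and would benefit from the same comment. Since `scan_for_null_terminator_1` is not touched by this patch, the hunk relies on that helper already writing `*out_sval` on every non-null return; the `= nullptr` initialization then turns a formerly indeterminate read into a deterministic assertion failure, which is the right hygiene, but whether the reported ICE is fixed or only made reproducible cannot be confirmed from this hunk alone. `kf_strcpy::impl_call_pre` begins before and ends after the hunk.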
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 1c851130c45c4..871b91c069a55 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -4844,7 +4844,11 @@ region_model::scan_for_null_terminator (const region
*reg,
reg->dump_to_pp (pp, true);
logger->end_log_line ();
}
+ if (out_sval)
+ *out_sval = nullptr;
const svalue *sval = scan_for_null_terminator_1 (reg, expr, out_sval, ctxt);
+ if (sval && out_sval)
+ gcc_assert (*out_sval);
if (logger)
{
pretty_printer *pp = logger->get_printer ();
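Review bot: The `if (out_sval) *out_sval = nullptr;` initialization sits immediately before the `scan_for_null_terminator_1` call rather than at function entry, so any return path above it (the function header is outside the hunk, so I cannot see whether one exists) would still hand the caller an indeterminate `*out_sval`. Moving that initialization to the top of the function would make the out-parameter's contract hold on every path, at no cost. The guard `if (sval && out_sval) gcc_assert (*out_sval);` is fine as written, but the function's header comment (also outside the hunk) should now state the contract it enforces: when `out_sval` is given and the return is non-null, `*out_sval` is non-null; when the return is null, `*out_sval` is whatever the helper left, starting from nullptr. `region_model::scan_for_null_terminator` begins and ends outside the hunk.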
@@ -5028,6 +5032,8 @@ region_model::check_for_null_terminated_string_arg (const
call_details &cd,
out_sval,
&my_ctxt))
{
+ if (out_sval)
+ gcc_assert (*out_sval);
if (include_terminator)
return num_bytes_read_sval;
else
diff --git a/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-1.c
b/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-1.c
new file mode 100644
index 0000000000000..9b1d190b64446
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-1.c
@@ -0,0 +1,15 @@
+/* { dg-additional-options "-O -fdump-analyzer -frounding-math" } */
+
+void *p;
+
+static inline void
+bar(_Complex float f)
+{
+ __builtin_strcpy(p, (void *)&f); /* { dg-warning "uninit" } */
+}
+
+void
+foo()
+{
+ bar(72057594037927934);
+}
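Review bot: Neither new test says what it reproduces, so the combination of `-frounding-math`, a `_Complex float` parameter and a `__builtin_strcpy` whose source is `(void *)&f` looks arbitrary to the next person who touches it; a leading comment such as `/* Regression test for the analyzer ICE in PR analyzer/124055: strcpy from the address of a _Complex float argument.  */` would preserve the intent, and the same applies to ice-pr124055-2.c. In ice-pr124055-2.c the only expectation is that compilation succeeds, which is appropriate for an ICE regression test but worth stating in that comment so nobody later adds a spurious dg-warning to "complete" it. The `dg-warning "uninit"` in this file is the only behavioural expectation and is presumably tied to the non-string source; the comment should say so rather than leave it implied.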
diff --git a/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-2.c
b/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-2.c
new file mode 100644
index 0000000000000..692917fad2353
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/ice-pr124055-2.c
@@ -0,0 +1,15 @@
+/* { dg-additional-options "-O -fdump-analyzer -frounding-math" } */
+
+void *p;
+
+static inline void
+bar(_Complex float f)
+{
+ __builtin_strcpy(p, (void *)&f);
+}
+
+void
+foo()
+{
+ bar(0);
+}
--
2.26.3