https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67136
Bug ID: 67136
Summary: sanitizer reports "member access within null pointer" for correct C++ code
Product: gcc
Version: 5.2.0
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: konstantin.vladimirov at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Minimal reproduction:

----
#include <cstdio>

using namespace std;

class Base
{
public:
  Base () : m_nl (144) {}
  virtual ~Base () {}

protected:
  const int m_nl;
};

class Derived : public Base
{
public:
  __attribute__ ((noinline)) Derived () : Base ()
  {
    fprintf (stderr, "error = %d\n", (m_nl/2-1)%m_nl);
  }
};

Base *base;

int main ()
{
  base = new Derived;
  return 0;
}
----

Compile with G++ 5.2.0:

g++-5.2.0 -fno-sanitize-recover -fsanitize=undefined -O1 -Wall test.cpp -Wl,-rpath /tools/local/gcc-5.2.0/lib64 -lubsan

---

Yields warning:

test.cpp: In constructor ‘Derived::Derived()’:
test.cpp:20:39: warning: ‘<anonymous>’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     fprintf (stderr, "error = %d\n", (m_nl/2-1)%m_nl);

---

I suggest that the UBSAN_NULL macro expands incorrectly in the sanopt pass, yielding an uninitialized GIMPLE anonymous variable which is then incorrectly compared with 0.