https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67136

            Bug ID: 67136
           Summary: sanitizer reports "member access within null pointer"
                    for correct C++ code
           Product: gcc
           Version: 5.2.0
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: konstantin.vladimirov at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
  Target Milestone: ---

Minimal reproduction:

----

#include <cstdio>

using namespace std;

class Base
{
public:
  /* m_nl is fully initialized in the mem-initializer list before any
     derived-class constructor body runs. */
  Base ():m_nl (144) {}
  virtual ~Base() {}
protected:
  const int m_nl;
};

class Derived : public Base
{
public:
  /* Reading the base-class member here is well-defined C++; this is the
     access the sanitizer flags as "member access within null pointer". */
  __attribute__ ((noinline)) Derived ():Base()
  {
    fprintf (stderr, "error = %d\n", (m_nl/2-1)%m_nl);
  }
};

Base *base;

int
main ()
{
  base = new Derived;
  return 0;
}

----

Compile with G++ 5.2.0

g++-5.2.0 -fno-sanitize-recover -fsanitize=undefined -O1 -Wall test.cpp -Wl,-rpath /tools/local/gcc-5.2.0/lib64 -lubsan

---

Yields warning:

test.cpp: In constructor ‘Derived::Derived()’:
test.cpp:20:39: warning: ‘<anonymous>’ may be used uninitialized in this
function [-Wmaybe-uninitialized]
     fprintf (stderr, "error = %d\n", (m_nl/2-1)%m_nl);

---

I suggest that the macro UBSAN_NULL expands incorrectly in the sanopt pass, yields an
uninitialized GIMPLE anonymous variable and then incorrectly compares it with 0.
