From: Jakub Jelinek
Date: Thu, 23 Jan 2025 10:46:18 +0000 (+0100)
Subject: tree-assume: Fix UB in assume_query [PR118605]
X-Git-Tag: basepoints/gcc-16~2395
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27a05f8d11798889ecfb610db9bde781c3d218f7;p=thirdparty%2Fgcc.git

tree-assume: Fix UB in assume_query [PR118605]

The assume_query constructor does

  assume_query::assume_query (function *f, bitmap p) : m_parm_list (p), m_func (f)

where m_parm_list is bitmap &. This is compile time UB, because as soon as the constructor returns, m_parm_list reference is still bound to the parameter of the constructor which is no longer in scope.

Now, one possible fix would be change the ctor argument to be bitmap &, but that doesn't really work because in the only user of that class we have

  auto_bitmap decls;
  ...
  assume_query query (fun, decls);

and auto_bitmap just has

  operator bitmap () { return &m_bits; }

Could be perhaps const bitmap &, but why? bitmap is a pointer:

  typedef class bitmap_head *bitmap;

and the EXECUTE_IF_SET_IN_BITMAP macros don't really change that point, they just inspect what is inside of that bitmap_head the pointer points to. So, the simplest I think is avoid references (which cause even worse code as it has to be dereferenced twice rather than once).

2025-01-23  Jakub Jelinek

	PR tree-optimization/118605
	* tree-assume.cc (assume_query::m_parm_list): Change type from
	bitmap & to bitmap.
---
diff --git a/gcc/tree-assume.cc b/gcc/tree-assume.cc index de8acc99949..c9288608b1e 100644 --- a/gcc/tree-assume.cc +++ b/gcc/tree-assume.cc @@ -97,7 +97,7 @@ protected: ssa_lazy_cache m_path; // Values found on path ssa_lazy_cache m_parms; // Cumulative parameter value calculated - bitmap &m_parm_list; // Parameter ssa-names list. + bitmap m_parm_list; // Parameter ssa-names list. function *m_func; };
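Review bot: the new `bitmap m_parm_list;` is a non-owning pointer to a bitmap_head that the caller owns (the auto_bitmap decls in the sole user, per the commit message), so the lifetime requirement that bit the reference version still exists in a weaker form: the query must not outlive the caller's auto_bitmap. That is fine for the current stack-allocated use, but the member comment should say so, e.g. `bitmap m_parm_list; // Parameter ssa-names list (not owned; must outlive this query).`, so a future user who stores an assume_query beyond the bitmap's scope is warned. The ctor initializer `m_parm_list (p)` needs no change since `bitmap` is a pointer typedef and the copy is now a plain pointer copy.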