From: David Malcolm <dmalcolm@redhat.com>
Date: Mon, 17 Aug 2020 15:40:44 +0000 (-0400)
Subject: analyzer: fix ICE due to NULL type [PR96639]
X-Git-Tag: basepoints/gcc-12~5533
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42c5ae5d7f0ad89b75d93c497fe44b6c66da7e76;p=thirdparty%2Fgcc.git

analyzer: fix ICE due to NULL type [PR96639]

gcc/analyzer/ChangeLog:
	PR analyzer/96639
	* region.cc (region::get_subregions_for_binding): Check for "type"
	being NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/96639
	* gcc.dg/analyzer/pr96639.c: New test.
---

diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc
index afe416b001ba..eab1f2771cf8 100644
--- a/gcc/analyzer/region.cc
+++ b/gcc/analyzer/region.cc
@@ -256,7 +256,7 @@ region::get_subregions_for_binding (region_model_manager *mgr,
 				    tree type,
 				    auto_vec <const region *> *out) const
 {
-  if (get_type () == NULL_TREE)
+  if (get_type () == NULL_TREE || type == NULL_TREE)
     return;
   if (relative_bit_offset == 0
       && types_compatible_p (get_type (), type))
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr96639.c b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
new file mode 100644
index 000000000000..02ca3f084a2f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr96639.c
@@ -0,0 +1,10 @@
+void *calloc (__SIZE_TYPE__, __SIZE_TYPE__);
+
+int
+x7 (void)
+{
+  int **md = calloc (1, 1);
+
+  return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
+  /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+}