From: David Malcolm Date: Tue, 3 Feb 2026 23:52:35 +0000 (-0500) Subject: analyzer: fix ICE on pointer offsets [PR116865] X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53913b45f2dc4ba0f81845670d0877b7638d53d3;p=thirdparty%2Fgcc.git analyzer: fix ICE on pointer offsets [PR116865] gcc/analyzer/ChangeLog: PR analyzer/116865 * region-model-manager.cc (region_model_manager::get_offset_region): Use POINTER_PLUS_EXPR rather than PLUS_EXPR for pointer offsets. gcc/testsuite/ChangeLog: PR analyzer/116865 * c-c++-common/analyzer/ice-pr116865.c: New test. Signed-off-by: David Malcolm
---
diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index 5790f912d45..76ca8348eda 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -1732,7 +1732,7 @@ region_model_manager::get_offset_region (const region *parent,
 const svalue *sval_x = parent_offset_reg->get_byte_offset ();
 const svalue *sval_sum = get_or_create_binop (byte_offset->get_type (),
- PLUS_EXPR, sval_x, byte_offset);
+ POINTER_PLUS_EXPR, sval_x, byte_offset);
 return get_offset_region (parent->get_parent_region (), type, sval_sum);
 }
diff --git a/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c b/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c
new file mode 100644
index 00000000000..4acddb41010
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/analyzer/ice-pr116865.c
@@ -0,0 +1,7 @@
+/* { dg-additional-options "-O2" } */
+
+int f(int l) {
+ char *t_string = (char *)__builtin_calloc(l + 2, 1);
+ char *end = t_string + l - 1;
+ return '0' != *(end - 1); /* { dg-warning "leak of 't_string'" } */
+}
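Review bot: In gcc/analyzer/region-model-manager.cc the folded sum is now built with `POINTER_PLUS_EXPR` unconditionally, while the result type is still `byte_offset->get_type ()` and nothing visible in the hunk shows that `sval_x` is pointer-typed. `POINTER_PLUS_EXPR` expects a pointer first operand and a sizetype-like integer second operand, so if both byte offsets can be plain integers here, the fold may still produce an ill-typed binop and the analyzer could abort on other inputs. Either choose the code from the operand type, for example `POINTER_TYPE_P (sval_x->get_type ()) ? POINTER_PLUS_EXPR : PLUS_EXPR` (with a guard if the type can be null), or add a comment above the call stating why the offsets are always pointer-typed on this path. get_offset_region starts and ends outside the hunk, so the types may be constrained by code not shown.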
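Review bot: The new test ice-pr116865.c has no comment saying what it guards against; only the file name ties it to the PR, and the single `dg-warning` for the leak reads as if the leak were the subject. A header line such as `/* Reduced from PR analyzer/116865: the analyzer must not ICE on nested pointer offsets.  */` would tell a later maintainer that the leak warning is incidental. It would also help to note that the unchecked `__builtin_calloc` result and the `end - 1` read for small `l` are deliberate parts of the reproducer, so they are not "fixed" in a later cleanup.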