From: David Malcolm Date: Thu, 3 Nov 2022 14:21:00 +0000 (-0400) Subject: analyzer: fix ICE when pipe's arg isn't a pointer [PR107486] X-Git-Tag: basepoints/gcc-14~3581 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5acc10a9ea66411e1712fabc94f9f29892b0d607;p=thirdparty%2Fgcc.git analyzer: fix ICE when pipe's arg isn't a pointer [PR107486] gcc/analyzer/ChangeLog: PR analyzer/107486 * analyzer.cc (is_pipe_call_p): New. * analyzer.h (is_pipe_call_p): New decl. * region-model.cc (region_model::on_call_pre): Use it. (region_model::on_call_post): Likewise. gcc/testsuite/ChangeLog: PR analyzer/107486 * gcc.dg/analyzer/pipe-pr107486.c: New test. * gcc.dg/analyzer/pipe-void-return.c: New test. Signed-off-by: David Malcolm
---
diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc
index 8a2a7734f24c..6c7c969538c1 100644
--- a/gcc/analyzer/analyzer.cc
+++ b/gcc/analyzer/analyzer.cc
@@ -379,6 +379,22 @@ is_longjmp_call_p (const gcall *call)
 return false;
 }
+/* Return true if this is a "pipe" call. */
+
+bool
+is_pipe_call_p (const_tree fndecl, const char *funcname,
+ const gcall *call, unsigned int num_args)
+{
+ if (!is_named_call_p (fndecl, funcname, call, num_args))
+ return false;
+
+ /* We require a pointer for the initial argument. */
+ if (!POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0))))
+ return false;
+
+ return true;
+}
+
 /* For a CALL that matched is_special_named_call_p or is_named_call_p for some name, return a name for the called function suitable for use in diagnostics (stripping the leading underscores). */
diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/analyzer.h
index a2d79e4a59fe..c41cfb016563 100644
--- a/gcc/analyzer/analyzer.h
+++ b/gcc/analyzer/analyzer.h
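Review bot: The header comment on `is_pipe_call_p` says only that this is a "pipe" call, but the function accepts any FUNCNAME and NUM_ARGS, and what distinguishes it from `is_named_call_p` is the pointer-type requirement on argument 0. The comment should state that contract, e.g. `/* Return true if CALL is a call to FUNCNAME with NUM_ARGS arguments whose first argument has pointer type (used for "pipe" and "pipe2"). */`. The check accepts any pointer type, so a mis-declared `pipe (char *)` would still match; whether the pipe model downstream tolerates a non-`int` pointee is not visible in this diff, so a pointee check or an extra test may be worthwhile. Reading `gimple_call_arg (call, 0)` presumably relies on `is_named_call_p` having already matched the argument count against NUM_ARGS, and a short comment saying so would make that dependency explicit.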
@@ -324,6 +324,8 @@ extern bool is_std_named_call_p (const_tree fndecl, const char *funcname,
 const gcall *call, unsigned int num_args);
 extern bool is_setjmp_call_p (const gcall *call);
 extern bool is_longjmp_call_p (const gcall *call);
+extern bool is_pipe_call_p (const_tree fndecl, const char *funcname,
+ const gcall *call, unsigned int num_args);
 extern const char *get_user_facing_name (const gcall *call);
diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index 7c44fc9e2530..4713f0d25191 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -2315,8 +2315,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt,
 impl_call_memset (cd);
 return false;
 }
- else if (is_named_call_p (callee_fndecl, "pipe", call, 1)
- || is_named_call_p (callee_fndecl, "pipe2", call, 2))
+ else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1)
+ || is_pipe_call_p (callee_fndecl, "pipe2", call, 2))
 { /* Handle in "on_call_post"; bail now so that fd array is left untouched so that we can detect use-of-uninit
@@ -2403,8 +2403,8 @@ region_model::on_call_post (const gcall *call,
 impl_call_operator_delete (cd);
 return;
 }
- else if (is_named_call_p (callee_fndecl, "pipe", call, 1)
- || is_named_call_p (callee_fndecl, "pipe2", call, 2))
+ else if (is_pipe_call_p (callee_fndecl, "pipe", call, 1)
+ || is_pipe_call_p (callee_fndecl, "pipe2", call, 2))
 { impl_call_pipe (cd);
 return;
diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c
new file mode 100644
index 000000000000..e9fc7fb4943e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pipe-pr107486.c
@@ -0,0 +1,5 @@
+void pipe(int);
+
+void f1(void) {
+ pipe(1);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c
new file mode 100644
index 000000000000..0de676305f66
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pipe-void-return.c
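Review bot: The `pipe`/`pipe2` condition in `on_call_pre` is repeated verbatim in the `on_call_post` hunk that follows, and the existing comment in `on_call_pre` shows the two must agree, because the pre-hook bails specifically so that the post-hook handles the call. If one site is later edited without the other, that pairing would silently break. Folding both name/arity pairs into one predicate taking just `callee_fndecl` and `call` (the name is the author's choice) and using it at both sites would keep them in sync. Both functions start and end outside these hunks.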
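Review bot: This regression test in pipe-pr107486.c exercises only `pipe` with a non-pointer argument, while the fix routes `pipe2` through the same `is_pipe_call_p` check in both hooks. A second case such as `void pipe2(int, int);` with a call `pipe2(1, 0);` would cover the other arm of the condition. The file has no dg directives, so a one-line comment naming PR analyzer/107486 and saying that the test only needs to compile without an ICE would make clear what is being verified.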
@@ -0,0 +1,11 @@
+extern void pipe(int pipefd[2]);
+extern int close(int fd);
+
+void
+test_unchecked (void)
+{
+ int fds[2];
+ pipe (fds); /* { dg-message "when 'pipe' fails" } */
+ close (fds[0]); /* { dg-warning "use of uninitialized value 'fds\\\[0\\\]'" } */
+ close (fds[1]); /* { dg-warning "use of uninitialized value 'fds\\\[1\\\]'" } */
+}
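Review bot: Nothing in pipe-void-return.c says why `pipe` is declared with a `void` return type, although the file name suggests that is the point of the test. A leading comment such as `/* Verify that the failure path of 'pipe' is still modelled when it is declared as returning void. */` would make the intent clear to someone reading the dg-message and dg-warning expectations.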