From: David Malcolm <dmalcolm@redhat.com>
Date: Tue, 22 Nov 2022 22:29:21 +0000 (-0500)
Subject: analyzer: fix ICE on 'bind(INT_CST, ...)' [PR107783]
X-Git-Tag: basepoints/gcc-14~2959
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64fb291c5839e1a82afb62743172b4eab1267399;p=thirdparty%2Fgcc.git

analyzer: fix ICE on 'bind(INT_CST, ...)' [PR107783]

This was crashing inside fd_phase_mismatch's ctor with assertion
failure when the state was "fd-constant".

Fix the ICE by not complaining about constants passed to these APIs.

gcc/analyzer/ChangeLog:
	PR analyzer/107783
	* sm-fd.cc (fd_state_machine::check_for_new_socket_fd): Don't
	complain when old state is "fd-constant".
	(fd_state_machine::on_listen): Likewise.
	(fd_state_machine::on_accept): Likewise.

gcc/testsuite/ChangeLog:
	PR analyzer/107783
	* gcc.dg/analyzer/fd-accept.c (test_accept_on_constant): New.
	* gcc.dg/analyzer/fd-bind.c (test_bind_on_constant): New.
	* gcc.dg/analyzer/fd-connect.c (test_connect_on_constant): New.
	* gcc.dg/analyzer/fd-listen.c (test_listen_on_connected_socket):
	Fix typo.
	(test_listen_on_constant): New.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---

diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc
index 3e500575428f..f7779be7d262 100644
--- a/gcc/analyzer/sm-fd.cc
+++ b/gcc/analyzer/sm-fd.cc
@@ -1798,7 +1798,8 @@ fd_state_machine::check_for_new_socket_fd (const call_details &cd,
 		|| old_state == m_new_datagram_socket
 		|| old_state == m_new_unknown_socket
 		|| old_state == m_start
-		|| old_state == m_stop))
+		|| old_state == m_stop
+		|| old_state == m_constant_fd))
     {
       /* Complain about "bind" or "connect" in wrong phase.  */
       tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval);
@@ -1900,6 +1901,7 @@ fd_state_machine::on_listen (const call_details &cd,
   if (!check_for_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state))
     return false;
   if (!(old_state == m_start
+	|| old_state == m_constant_fd
 	|| old_state == m_stop
 	|| old_state == m_bound_stream_socket
 	|| old_state == m_bound_unknown_socket
@@ -2015,8 +2017,9 @@ fd_state_machine::on_accept (const call_details &cd,
   if (!check_for_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state))
     return false;
 
-  if (old_state == m_start)
-    /* If we were in the start state, assume we had the expected state.  */
+  if (old_state == m_start || old_state == m_constant_fd)
+    /* If we were in the start state (or a constant), assume we had the
+       expected state.  */
     sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval,
 			     m_listening_stream_socket);
   else if (old_state == m_stop)
diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-accept.c b/gcc/testsuite/gcc.dg/analyzer/fd-accept.c
index 5426063f31d7..1b25012624b6 100644
--- a/gcc/testsuite/gcc.dg/analyzer/fd-accept.c
+++ b/gcc/testsuite/gcc.dg/analyzer/fd-accept.c
@@ -69,3 +69,8 @@ int test_accept_on_accept (int fd_a)
 
   return fd_b;
 }
+
+int test_accept_on_constant ()
+{
+  return accept (0, NULL, 0);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-bind.c b/gcc/testsuite/gcc.dg/analyzer/fd-bind.c
index c34803f13800..d027b1a6b51e 100644
--- a/gcc/testsuite/gcc.dg/analyzer/fd-bind.c
+++ b/gcc/testsuite/gcc.dg/analyzer/fd-bind.c
@@ -74,3 +74,8 @@ void test_bind_after_accept (int fd, const char *sockname)
 
   close (afd);
 }
+
+int test_bind_on_constant ()
+{
+  return bind (0, NULL, 0);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-connect.c b/gcc/testsuite/gcc.dg/analyzer/fd-connect.c
index 7bf687e25709..ad837c93f4bc 100644
--- a/gcc/testsuite/gcc.dg/analyzer/fd-connect.c
+++ b/gcc/testsuite/gcc.dg/analyzer/fd-connect.c
@@ -46,3 +46,8 @@ void test_connect_after_bind (const char *sockname,
 
   close (fd);      
 }
+
+int test_connect_on_constant ()
+{
+  return connect (0, NULL, 0);
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-listen.c b/gcc/testsuite/gcc.dg/analyzer/fd-listen.c
index becf46902936..a241113e3f09 100644
--- a/gcc/testsuite/gcc.dg/analyzer/fd-listen.c
+++ b/gcc/testsuite/gcc.dg/analyzer/fd-listen.c
@@ -54,7 +54,7 @@ void test_listen_on_new_datagram_socket (void)
   close (fd);
 }
 
-void test_listed_on_connected_socket (int fd)
+void test_listen_on_connected_socket (int fd)
 {
   int afd = accept (fd, NULL, 0);
   if (afd == -1)
@@ -63,3 +63,8 @@ void test_listed_on_connected_socket (int fd)
   /* { dg-message "'listen' expects a bound stream socket file descriptor but 'afd' is connected" "final event" { target *-*-* } .-1 } */
   close (afd);
 }
+
+int test_listen_on_constant ()
+{
+  return listen (0, 10);
+}