From: Richard Biener Date: Tue, 27 Jan 2026 14:43:53 +0000 (+0100) Subject: tree-optimization/110043 - avoid overflow in pointer-query X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fdb0e1b186b8ade38d454504e3f8bba2b17a9ea;p=thirdparty%2Fgcc.git tree-optimization/110043 - avoid overflow in pointer-query pointer-query is built around using offset_int to avoid needing to deal with overflow. This falls apart when trying to analyze array accesses indexed by __int128. So don't. PR tree-optimization/110043 * pointer-query.cc (get_offset_range): Fail for integer types with precision larger than ptrdiff_type_node. * gcc.dg/torture/pr110043.c: New testcase.
---
diff --git a/gcc/pointer-query.cc b/gcc/pointer-query.cc
index 18b3cda4268..61b0032b2fb 100644
--- a/gcc/pointer-query.cc
+++ b/gcc/pointer-query.cc
@@ -74,7 +74,12 @@ get_offset_range (tree x, gimple *stmt, offset_int r[2], range_query *rvals)
 x = TREE_OPERAND (x, 0);
 tree type = TREE_TYPE (x);
- if (!INTEGRAL_TYPE_P (type) && !POINTER_TYPE_P (type))
+ if ((!INTEGRAL_TYPE_P (type)
+ /* ??? We get along without caring about overflow by using
+ offset_int, but that falls apart when indexes are bigger
+ than pointer differences. */
+ || TYPE_PRECISION (type) > TYPE_PRECISION (ptrdiff_type_node))
+ && !POINTER_TYPE_P (type))
 return false;
 if (TREE_CODE (x) != INTEGER_CST
diff --git a/gcc/testsuite/gcc.dg/torture/pr110043.c b/gcc/testsuite/gcc.dg/torture/pr110043.c
new file mode 100644
index 00000000000..32c9ad77a79
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr110043.c
@@ -0,0 +1,9 @@
+/* { dg-do compile } */
+/* { dg-require-effective-target int128 } */
+
+__int128 g_116_1;
+extern char g_521[][8];
+void func_24() {
+ for (; g_116_1 >= 0;)
+ g_521[g_116_1][g_116_1] &= 0;
+}
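Review bot: The new precision test in the pointer-query.cc hunk is spliced into the middle of the existing type check, so the condition now reads as "(not integral or too wide) and not pointer" and the reader has to work out that the only new rejection is a wide integer index. A separate guard after the original test, `if (INTEGRAL_TYPE_P (type) && TYPE_PRECISION (type) > TYPE_PRECISION (ptrdiff_type_node)) return false;`, would say that directly and give the `???` comment a natural home. Because the check sits before the `INTEGER_CST` test on the last context line, it appears to also reject small constant indexes that merely have a wide type; that is conservative, but the comment should say so. The callers are outside the hunk, so it is worth confirming that a false return is handled as an unknown offset range rather than a known one, since the bounds diagnostics that consume this function presumably depend on that. get_offset_range starts and ends outside the hunk.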