From: Jakub Jelinek <jakub@redhat.com>
Date: Wed, 19 May 2021 10:05:30 +0000 (+0200)
Subject: builtins: Fix ICE with unprototyped builtin call [PR100576]
X-Git-Tag: releases/gcc-11.2.0~313
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4d6ea0c64bbbbe45add18294bfbd2ceb6512bbd;p=thirdparty%2Fgcc.git

builtins: Fix ICE with unprototyped builtin call [PR100576]

For unprototyped builtins the checking we perform is only about whether
the used argument is integral, pointer etc., not the exact precision.
We emit a warning about the problem though:
pr100576.c: In function ‘foo’:
pr100576.c:9:11: warning: implicit declaration of function ‘memcmp’ [-Wimplicit-function-declaration]
    9 |   int n = memcmp (p, v, b);
      |           ^~~~~~
pr100576.c:1:1: note: include ‘<string.h>’ or provide a declaration of ‘memcmp’
  +++ |+#include <string.h>
    1 | /* PR middle-end/100576 */
pr100576.c:9:25: warning: ‘memcmp’ argument 3 type is ‘int’ where ‘long unsigned int’ is expected in a call to built-in function declared without prototype
+[-Wbuiltin-declaration-mismatch]
    9 |   int n = memcmp (p, v, b);
      |                         ^
It means in the testcase below where the user incorrectly called memcmp
with last argument int rather then size_t, the warning stuff in builtins.c
ICEs because it compares a wide_int from such a bound with another wide_int
which has precision of size_t/sizetype and wide_int asserts the compared
wide_ints are compatible.

Fixed by forcing the bound to have the right type.

2021-05-19  Jakub Jelinek  <jakub@redhat.com>

	PR middle-end/100576
	* builtins.c (check_read_access): Convert bound to size_type_node if
	non-NULL.

	* gcc.c-torture/compile/pr100576.c: New test.

(cherry picked from commit e6683450f4a26dae7774be735a3429f48aee9565)
---

diff --git a/gcc/builtins.c b/gcc/builtins.c
index d30c4eb62fc5..308846ee39b3 100644
--- a/gcc/builtins.c
+++ b/gcc/builtins.c
@@ -4910,6 +4910,8 @@ check_read_access (tree exp, tree src, tree bound /* = NULL_TREE */,
   if (!warn_stringop_overread)
     return true;
 
+  if (bound && !useless_type_conversion_p (size_type_node, TREE_TYPE (bound)))
+    bound = fold_convert (size_type_node, bound);
   access_data data (exp, access_read_only, NULL_TREE, false, bound, true);
   compute_objsize (src, ost, &data.src);
   return check_access (exp, /*dstwrite=*/ NULL_TREE, /*maxread=*/ bound,
diff --git a/gcc/testsuite/gcc.c-torture/compile/pr100576.c b/gcc/testsuite/gcc.c-torture/compile/pr100576.c
new file mode 100644
index 000000000000..f2f40ec45120
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/compile/pr100576.c
@@ -0,0 +1,12 @@
+/* PR middle-end/100576 */
+
+const char v[] = {0x12};
+
+void
+foo (const char *p)
+{
+  int b = sizeof v;
+  int n = memcmp (p, v, b);
+  if (n)
+    __builtin_abort ();
+}