From e6683450f4a26dae7774be735a3429f48aee9565 Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Wed, 19 May 2021 12:05:30 +0200 Subject: [PATCH] builtins: Fix ICE with unprototyped builtin call [PR100576] MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit For unprototyped builtins the checking we perform is only about whether the used argument is integral, pointer etc., not the exact precision. We emit a warning about the problem though: pr100576.c: In function ‘foo’: pr100576.c:9:11: warning: implicit declaration of function ‘memcmp’ [-Wimplicit-function-declaration] 9 | int n = memcmp (p, v, b); | ^~~~~~ pr100576.c:1:1: note: include ‘’ or provide a declaration of ‘memcmp’ +++ |+#include 1 | /* PR middle-end/100576 */ pr100576.c:9:25: warning: ‘memcmp’ argument 3 type is ‘int’ where ‘long unsigned int’ is expected in a call to built-in function declared without prototype +[-Wbuiltin-declaration-mismatch] 9 | int n = memcmp (p, v, b); | ^ It means in the testcase below where the user incorrectly called memcmp with last argument int rather then size_t, the warning stuff in builtins.c ICEs because it compares a wide_int from such a bound with another wide_int which has precision of size_t/sizetype and wide_int asserts the compared wide_ints are compatible. Fixed by forcing the bound to have the right type. 2021-05-19 Jakub Jelinek PR middle-end/100576 * builtins.c (check_read_access): Convert bound to size_type_node if non-NULL. * gcc.c-torture/compile/pr100576.c: New test. --- gcc/builtins.c | 2 ++ gcc/testsuite/gcc.c-torture/compile/pr100576.c | 12 ++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 gcc/testsuite/gcc.c-torture/compile/pr100576.c diff --git a/gcc/builtins.c b/gcc/builtins.c index e1b284846b1d..6a2875edfb5e 100644 --- a/gcc/builtins.c +++ b/gcc/builtins.c @@ -4904,6 +4904,8 @@ check_read_access (tree exp, tree src, tree bound /* = NULL_TREE */, if (!warn_stringop_overread) return true; + if (bound && !useless_type_conversion_p (size_type_node, TREE_TYPE (bound))) + bound = fold_convert (size_type_node, bound); access_data data (exp, access_read_only, NULL_TREE, false, bound, true); compute_objsize (src, ost, &data.src); return check_access (exp, /*dstwrite=*/ NULL_TREE, /*maxread=*/ bound, diff --git a/gcc/testsuite/gcc.c-torture/compile/pr100576.c b/gcc/testsuite/gcc.c-torture/compile/pr100576.c new file mode 100644 index 000000000000..f2f40ec45120 --- /dev/null +++ b/gcc/testsuite/gcc.c-torture/compile/pr100576.c @@ -0,0 +1,12 @@ +/* PR middle-end/100576 */ + +const char v[] = {0x12}; + +void +foo (const char *p) +{ + int b = sizeof v; + int n = memcmp (p, v, b); + if (n) + __builtin_abort (); +} -- 2.47.2