From patchwork Tue Jan 18 20:58:31 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Malcolm <dmalcolm@redhat.com>
X-Patchwork-Id: 50190
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id B752E3857C62
	for <patchwork@sourceware.org>; Tue, 18 Jan 2022 20:59:14 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B752E3857C62
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1642539554;
	bh=SLnTYJLUN6nme4qsJrgrby209W2eCLvsHPkCZTV9bxo=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=KVZ6YB3Vjla6BySFUPZcVYurogbwXNLI2IxtmjT2qS1hLc3gMnWNcBcl+nXvKK+/f
	 qtRk0jMn/M0zmSoiHMP4sXlHvQEolYBk3eTXl2Agpi/48bmC8J1NXqrv0yfU3uRdPt
	 aZfiZhBuYk6QfEfOSN7UZELsvg1zKVm1PU0M1Zfs=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTPS id 6A308385802C
 for <gcc-patches@gcc.gnu.org>; Tue, 18 Jan 2022 20:58:45 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6A308385802C
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-652-fjnDMBm_NAujSRcRAJUL8w-1; Tue, 18 Jan 2022 15:58:41 -0500
X-MC-Unique: fjnDMBm_NAujSRcRAJUL8w-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 325661091DA0
 for <gcc-patches@gcc.gnu.org>; Tue, 18 Jan 2022 20:58:40 +0000 (UTC)
Received: from t14s.localdomain.com (unknown [10.2.16.212])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 167EF4DC04;
 Tue, 18 Jan 2022 20:58:34 +0000 (UTC)
To: gcc-patches@gcc.gnu.org
Subject: [committed] analyzer: fix ICE on realloc of zeroed memory [PR104062]
Date: Tue, 18 Jan 2022 15:58:31 -0500
Message-Id: <20220118205831.2146410-1-dmalcolm@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: David Malcolm via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: David Malcolm <dmalcolm@redhat.com>
Reply-To: David Malcolm <dmalcolm@redhat.com>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r12-6699-g79e746bb05e432dcd1c18161469272d67c33d79d.

gcc/analyzer/ChangeLog:
	PR analyzer/104062
	* region-model-manager.cc
	(region_model_manager::maybe_fold_sub_svalue): Avoid casting to
	NULL type when folding access to repeated svalue.

gcc/testsuite/ChangeLog:
	PR analyzer/104062
	* gcc.dg/analyzer/pr104062.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
---
 gcc/analyzer/region-model-manager.cc     |  3 ++-
 gcc/testsuite/gcc.dg/analyzer/pr104062.c | 13 +++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr104062.c

diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index 903cdfde91d..9d4f5952ef3 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -794,7 +794,8 @@ region_model_manager::maybe_fold_sub_svalue (tree type,
 
   if (const repeated_svalue *repeated_sval
 	= parent_svalue->dyn_cast_repeated_svalue ())
-    return get_or_create_cast (type, repeated_sval->get_inner_svalue ());
+    if (type)
+      return get_or_create_cast (type, repeated_sval->get_inner_svalue ());
 
   return NULL;
 }
diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104062.c b/gcc/testsuite/gcc.dg/analyzer/pr104062.c
new file mode 100644
index 00000000000..7129c27f60b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/pr104062.c
@@ -0,0 +1,13 @@
+void *
+calloc (__SIZE_TYPE__, __SIZE_TYPE__);
+
+void *
+realloc (void *, __SIZE_TYPE__);
+
+void
+foo (void)
+{
+  int *ap5 = calloc (4, sizeof *ap5);
+  int *ap7 = realloc (ap5, sizeof *ap5);
+} /* { dg-warning "leak of 'ap5'" "leak of ap5" } */
+/* { dg-warning "leak of 'ap7'" "leak of ap7" { target *-*-* } .-1 } */