analyzer: fix ICE on cast to NULL type [PR104524]

gcc/analyzer/ChangeLog: PR analyzer/104524 * region-model-manager.cc (region_model_manager::maybe_fold_sub_svalue): Only call get_or_create_cast if type is non-NULL. gcc/testsuite/ChangeLog: PR analyzer/104524 * gcc.dg/analyzer/pr104524.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-11-27 13:54:19 +08:00 · 2022-02-14 13:27:45 -05:00 · 2022-02-14 13:27:45 -05:00 · 84832cab6e
commit 84832cab6e
parent 1e2fe6715a
2 changed files with 12 additions and 2 deletions
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@ -771,7 +771,7 @@ region_model_manager::maybe_fold_sub_svalue (tree type,
      if (unary->get_op () == NOP_EXPR
 	  || unary->get_op () == VIEW_CONVERT_EXPR)
 	if (tree cst = unary->get_arg ()->maybe_get_constant ())
-	  if (zerop (cst))
+	  if (zerop (cst) && type)
 	    {
 	      const svalue *cst_sval
 		= get_or_create_constant_svalue (cst);
@ -786,7 +786,8 @@ region_model_manager::maybe_fold_sub_svalue (tree type,
 	/* If we have a concrete 1-byte access within the parent region... */
 	byte_range subregion_bytes (0, 0);
 	if (subregion->get_relative_concrete_byte_range (&subregion_bytes)
-	    && subregion_bytes.m_size_in_bytes == 1)
+	    && subregion_bytes.m_size_in_bytes == 1
+	    && type)
 	  {
 	    /* ...then attempt to get that char from the STRING_CST.  */
 	    HOST_WIDE_INT hwi_start_byte
--- a/gcc/testsuite/gcc.dg/analyzer/pr104524.c
+++ b/gcc/testsuite/gcc.dg/analyzer/pr104524.c
@ -0,0 +1,9 @@
+int src[1];
+
+int
+main (int c, char **a)
+{
+  __builtin_memcpy (*a, src, c);
+
+  return 0;
+}