Handle failure to determine pointer provenance conservatively [PR104069].
Partly resolves: PR middle-end/104069 - -Werror=use-after-free false positive on elfutils-0.186 gcc/ChangeLog: PR middle-end/104069 * gimple-ssa-warn-access.cc (pointers_related_p): Return false for an unknown result as documented. gcc/testsuite/ChangeLog: PR middle-end/104069 * gcc.dg/Wuse-after-free.c: New test.
This commit is contained in:
parent
9c186493a7
commit
2f714642e5
|
@ -4082,7 +4082,9 @@ pointers_related_p (gimple *stmt, tree p, tree q, pointer_query &qry)
|
|||
access_ref pref, qref;
|
||||
if (!qry.get_ref (p, stmt, &pref, 0)
|
||||
|| !qry.get_ref (q, stmt, &qref, 0))
|
||||
return true;
|
||||
/* GET_REF() only rarely fails. When it does, it's likely because
|
||||
it involves a self-referential PHI. Return a conservative result. */
|
||||
return false;
|
||||
|
||||
return pref.ref == qref.ref;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
/* PR middle-end/104069 - -Werror=use-after-free false positive on
|
||||
elfutils-0.186
|
||||
{ dg-do compile }
|
||||
{ dg-options "-Wall" } */
|
||||
|
||||
typedef __SIZE_TYPE__ size_t;
|
||||
|
||||
extern void* realloc (void *, size_t);
|
||||
|
||||
void* __libdw_unzstd (size_t todo)
|
||||
{
|
||||
void *sb = 0;
|
||||
|
||||
for ( ; ; )
|
||||
{
|
||||
// Ran only once.
|
||||
if (!sb)
|
||||
{
|
||||
char *b = realloc (sb, todo);
|
||||
if (!b)
|
||||
break;
|
||||
|
||||
sb = b;
|
||||
}
|
||||
|
||||
todo -= 1;
|
||||
if (todo == 0)
|
||||
break;
|
||||
}
|
||||
|
||||
// Shrink buffer: leave only one byte for simplicity.
|
||||
char *b = realloc (sb, 1);
|
||||
if (b)
|
||||
sb = b;
|
||||
else
|
||||
{
|
||||
// Realloc failed mysteriously, leave 'sb' untouched.
|
||||
}
|
||||
|
||||
return sb; // { dg-bogus "-Wuse-after-free" }
|
||||
}
|
Loading…
Reference in New Issue