Handle failure to determine pointer provenance conservatively [PR104069].

Partly resolves: PR middle-end/104069 - -Werror=use-after-free false positive on elfutils-0.186 gcc/ChangeLog: PR middle-end/104069 * gimple-ssa-warn-access.cc (pointers_related_p): Return false for an unknown result as documented. gcc/testsuite/ChangeLog: PR middle-end/104069 * gcc.dg/Wuse-after-free.c: New test.
2022-01-18 17:52:01 -07:00 · 2022-01-18 17:52:01 -07:00 · 2f714642e5
parent 9c186493a7
commit 2f714642e5
2 changed files with 44 additions and 1 deletions
--- a/gcc/gimple-ssa-warn-access.cc
+++ b/gcc/gimple-ssa-warn-access.cc
@ -4082,7 +4082,9 @@ pointers_related_p (gimple *stmt, tree p, tree q, pointer_query &qry)
  access_ref pref, qref;
  if (!qry.get_ref (p, stmt, &pref, 0)
      || !qry.get_ref (q, stmt, &qref, 0))
-    return true;
+    /* GET_REF() only rarely fails.  When it does, it's likely because
+       it involves a self-referential PHI.  Return a conservative result.  */
+    return false;

  return pref.ref == qref.ref;
 }
--- a/gcc/testsuite/gcc.dg/Wuse-after-free.c
+++ b/gcc/testsuite/gcc.dg/Wuse-after-free.c
@ -0,0 +1,41 @@
+/* PR middle-end/104069 - -Werror=use-after-free false positive on
+   elfutils-0.186
+   { dg-do compile }
+   { dg-options "-Wall" } */
+
+typedef __SIZE_TYPE__ size_t;
+
+extern void* realloc (void *, size_t);
+
+void* __libdw_unzstd (size_t todo)
+{
+  void *sb = 0;
+
+  for ( ; ; )
+    {
+      // Ran only once.
+      if (!sb)
+	{
+	  char *b = realloc (sb, todo);
+	  if (!b)
+	    break;
+
+	  sb = b;
+	}
+
+      todo -= 1;
+      if (todo == 0)
+	break;
+    }
+
+  // Shrink buffer: leave only one byte for simplicity.
+  char *b = realloc (sb, 1);
+  if (b)
+    sb = b;
+  else
+    {
+      // Realloc failed mysteriously, leave 'sb' untouched.
+    }
+
+  return sb;        // { dg-bogus "-Wuse-after-free" }
+}