backport: re PR sanitizer/80973 (ICE with lambda and -fsanitize=undefined)

Backported from mainline
	2017-06-13  Jakub Jelinek  <jakub@redhat.com>

	PR c++/80973
	* cp-gimplify.c (cp_genericize_r): Don't instrument MEM_REF second
	argument even if it has REFERENCE_TYPE.

	* g++.dg/ubsan/pr80973.C: New test.

From-SVN: r249479

gcc/cp/ChangeLog

@@ -3,6 +3,10 @@
 	Backported from mainline
 	2017-06-13  Jakub Jelinek  <jakub@redhat.com>
 
+	PR c++/80973
+	* cp-gimplify.c (cp_genericize_r): Don't instrument MEM_REF second
+	argument even if it has REFERENCE_TYPE.
+
 	PR c++/80984
 	* cp-gimplify.c (cp_genericize): Only look for VAR_DECLs in
 	BLOCK_VARS (outer) chain.

gcc/cp/cp-gimplify.c

@@ -1482,6 +1482,16 @@ cp_genericize_r (tree *stmt_p, int *walk_subtrees, void *data)
       *stmt_p = cplus_expand_constant (stmt);
       *walk_subtrees = 0;
     }
+  else if (TREE_CODE (stmt) == MEM_REF)
+    {
+      /* For MEM_REF, make sure not to sanitize the second operand even
+         if it has reference type.  It is just an offset with a type
+	 holding other information.  There is no other processing we
+	 need to do for INTEGER_CSTs, so just ignore the second argument
+	 unconditionally.  */
+      cp_walk_tree (&TREE_OPERAND (stmt, 0), cp_genericize_r, data, NULL);
+      *walk_subtrees = 0;
+    }
   else if ((flag_sanitize
 	    & (SANITIZE_NULL | SANITIZE_ALIGNMENT | SANITIZE_VPTR))
 	   && !wtd->no_sanitize_p)

gcc/testsuite/ChangeLog

@@ -3,6 +3,9 @@
 	Backported from mainline
 	2017-06-13  Jakub Jelinek  <jakub@redhat.com>
 
+	PR c++/80973
+	* g++.dg/ubsan/pr80973.C: New test.
+
 	PR c++/80984
 	* g++.dg/opt/nrv18.C: New test.
 

gcc/testsuite/g++.dg/ubsan/pr80973.C

@@ -0,0 +1,16 @@
+// PR c++/80973
+// { dg-do compile }
+// { dg-options "-fsanitize=undefined -std=c++14" }
+
+struct A {
+  A();
+  A(const A &);
+};
+struct B {
+  B();
+  template <typename... Args> auto g(Args &&... p1) {
+    return [=] { f(p1...); };
+  }
+  void f(A, const char *);
+};
+B::B() { g(A(), ""); }