compiler: fix null-dereference on invalid len() arg.

[pf3gnuchains/gcc-fork.git] / gcc / tree-dfa.c

diff --git a/gcc/tree-dfa.c b/gcc/tree-dfa.c
index 70e3c1d..0ecec81 100644 (file)
--- a/gcc/tree-dfa.c
+++ b/gcc/tree-dfa.c
@@ -113,8 +113,8 @@ struct gimple_opt_pass pass_referenced_vars =
   PROP_gimple_leh | PROP_cfg,          /* properties_required */
   PROP_referenced_vars,                        /* properties_provided */
   0,                                   /* properties_destroyed */
-  TODO_dump_func,                      /* todo_flags_start */
-  TODO_dump_func                        /* todo_flags_finish */
+  0,                                   /* todo_flags_start */
+  0                                     /* todo_flags_finish */
  }
 };
 
@@ -580,8 +580,9 @@ set_default_def (tree var, tree def)
 bool
 add_referenced_var (tree var)
 {
-  get_var_ann (var);
   gcc_assert (DECL_P (var));
+  if (!*DECL_VAR_ANN_PTR (var))
+    create_var_ann (var);
 
   /* Insert VAR into the referenced_vars hash table if it isn't present.  */
   if (referenced_var_check_and_insert (var))
@@ -714,6 +715,7 @@ get_ref_base_and_extent (tree exp, HOST_WIDE_INT *poffset,
   tree size_tree = NULL_TREE;
   HOST_WIDE_INT bit_offset = 0;
   bool seen_variable_array_ref = false;
+  tree base_type;
 
   /* First get the final access size from just the outermost expression.  */
   if (TREE_CODE (exp) == COMPONENT_REF)
@@ -744,6 +746,8 @@ get_ref_base_and_extent (tree exp, HOST_WIDE_INT *poffset,
      and find the ultimate containing object.  */
   while (1)
     {
+      base_type = TREE_TYPE (exp);
+
       switch (TREE_CODE (exp))
        {
        case BIT_FIELD_REF:
@@ -931,9 +935,16 @@ get_ref_base_and_extent (tree exp, HOST_WIDE_INT *poffset,
      the array.  The simplest way to conservatively deal with this
      is to punt in the case that offset + maxsize reaches the
      base type boundary.  This needs to include possible trailing padding
-     that is there for alignment purposes.
+     that is there for alignment purposes.  */
+
+  if (seen_variable_array_ref
+      && maxsize != -1
+      && (!host_integerp (TYPE_SIZE (base_type), 1)
+         || (bit_offset + maxsize
+             == (signed) TREE_INT_CST_LOW (TYPE_SIZE (base_type)))))
+    maxsize = -1;
 
-     That is of course only true if the base object is not a decl.  */
+  /* In case of a decl or constant base object we can do better.  */
 
   if (DECL_P (exp))
     {
@@ -943,12 +954,14 @@ get_ref_base_and_extent (tree exp, HOST_WIDE_INT *poffset,
          && host_integerp (DECL_SIZE (exp), 1))
        maxsize = TREE_INT_CST_LOW (DECL_SIZE (exp)) - bit_offset;
     }
-  else if (seen_variable_array_ref
-          && maxsize != -1
-          && (!host_integerp (TYPE_SIZE (TREE_TYPE (exp)), 1)
-              || (bit_offset + maxsize
-                  == (signed) TREE_INT_CST_LOW (TYPE_SIZE (TREE_TYPE (exp))))))
-    maxsize = -1;
+  else if (CONSTANT_CLASS_P (exp))
+    {
+      /* If maxsize is unknown adjust it according to the size of the
+         base type constant.  */
+      if (maxsize == -1
+         && host_integerp (TYPE_SIZE (TREE_TYPE (exp)), 1))
+       maxsize = TREE_INT_CST_LOW (TYPE_SIZE (TREE_TYPE (exp))) - bit_offset;
+    }
 
   /* ???  Due to negative offsets in ARRAY_REF we can end up with
      negative bit_offset here.  We might want to store a zero offset
@@ -988,4 +1001,3 @@ stmt_references_abnormal_ssa_name (gimple stmt)
 
   return false;
 }
-