From 885143fa77599c44bfdd4e8e6b6987b7824db6ba Mon Sep 17 00:00:00 2001
From: Jakub Jelinek <jakub@redhat.com>
Date: Thu, 24 Oct 2024 12:45:34 +0200
Subject: [PATCH] asan: Fix up build_check_stmt gsi handling [PR117209]

gsi_safe_insert_before properly updates gsi_bb in gimple_stmt_iterator
in case it splits objects, but unfortunately build_check_stmt was in
some places (but not others) using a copy of the iterator rather than
the iterator passed from callers and so didn't propagate that to callers.
I guess it didn't matter much before when it was just using
gsi_insert_before as that really didn't change the iterator.
The !before_p case is apparently dead code, nothing is calling it with
before_p=false since around 4.9.

2024-10-24  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/117209
	* asan.cc (maybe_cast_to_ptrmode): Formatting fix.
	(build_check_stmt): Don't copy *iter into gsi, perform all
	the updates on iter directly.

	* gcc.dg/asan/pr117209.c: New test.
---
 gcc/asan.cc                          | 14 +++++---------
 gcc/testsuite/gcc.dg/asan/pr117209.c | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/asan/pr117209.c

diff --git a/gcc/asan.cc b/gcc/asan.cc
index 5f262d54a3ac..bc92d9c7a792 100644
--- a/gcc/asan.cc
+++ b/gcc/asan.cc
@@ -2610,7 +2610,7 @@ maybe_cast_to_ptrmode (location_t loc, tree len, gimple_stmt_iterator *iter,
   if (ptrofftype_p (len))
     return len;
   gimple *g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
-				  NOP_EXPR, len);
+				   NOP_EXPR, len);
   gimple_set_location (g, loc);
   if (before_p)
     gsi_safe_insert_before (iter, g);
@@ -2644,16 +2644,13 @@ build_check_stmt (location_t loc, tree base, tree len,
 		  bool is_non_zero_len, bool before_p, bool is_store,
 		  bool is_scalar_access, unsigned int align = 0)
 {
-  gimple_stmt_iterator gsi = *iter;
   gimple *g;
 
   gcc_assert (!(size_in_bytes > 0 && !is_non_zero_len));
   gcc_assert (size_in_bytes == -1 || size_in_bytes >= 1);
 
-  gsi = *iter;
-
   base = unshare_expr (base);
-  base = maybe_create_ssa_name (loc, base, &gsi, before_p);
+  base = maybe_create_ssa_name (loc, base, iter, before_p);
 
   if (len)
     {
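Review bot: With the local `gsi` copy gone, every insertion in build_check_stmt now repositions the caller's `*iter`, starting at the `maybe_create_ssa_name (loc, base, iter, before_p)` call, and nothing visible in the hunk states that contract. The function's leading comment lies outside the hunk, so it may already cover this; if it does not, I would add something like `ITER is updated in place and, when gsi_safe_insert_before has to split, may refer to a different basic block on return.` Callers that saved the block or a copy of the iterator before the call would then know to re-read it. The body of build_check_stmt continues past the end of this hunk.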
@@ -2704,12 +2701,11 @@ build_check_stmt (location_t loc, tree base, tree len,
 						 align / BITS_PER_UNIT));
   gimple_set_location (g, loc);
   if (before_p)
-    gsi_safe_insert_before (&gsi, g);
+    gsi_safe_insert_before (iter, g);
   else
     {
-      gsi_insert_after (&gsi, g, GSI_NEW_STMT);
-      gsi_next (&gsi);
-      *iter = gsi;
+      gsi_insert_after (iter, g, GSI_NEW_STMT);
+      gsi_next (iter);
     }
 }
 
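Review bot: The `else` arm kept here is, per the commit message, dead code because no caller has passed before_p=false since around 4.9, so the rewritten `gsi_insert_after (iter, g, GSI_NEW_STMT); gsi_next (iter);` pair is not exercised by the new test. In a pass that decides where the ASan checks are placed, I would make that assumption explicit, for example `gcc_assert (before_p);` next to the existing assertions at the top of the function, or drop the parameter in a follow-up. If the arm stays, a one-line comment such as `/* Currently unused: all callers pass before_p == true.  */` would warn a future reader that this path is untested. The start of build_check_stmt's body is outside this hunk.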
diff --git a/gcc/testsuite/gcc.dg/asan/pr117209.c b/gcc/testsuite/gcc.dg/asan/pr117209.c
new file mode 100644
index 000000000000..34c71ba260b3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr117209.c
@@ -0,0 +1,15 @@
+/* PR sanitizer/117209 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=address" } */
+
+struct A { char a; };
+void foo (void);
+__attribute__((returns_twice, const)) int bar (struct A);
+
+void
+baz (struct A *x, int *y, int z)
+{
+  if (z)
+    foo (); 
+  *y = bar (*x);
+}
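Review bot: The test is `dg-do compile` only, so it guards against the compiler failing on this input but does not confirm that the check for the `*x` load is still emitted after the iterator is repositioned. A dump scan for that check would pin the instrumentation as well. A short comment above `baz` naming the construct that matters (presumably the `returns_twice` call following the conditional `foo ()`) would help whoever next reduces or edits the file. There is also trailing whitespace after `foo ();`.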
-- 
GitLab