From f31a8339835b2dda14b622cf35555ea666966a9a Mon Sep 17 00:00:00 2001
From: Jakub Jelinek <jakub@redhat.com>
Date: Tue, 13 Jun 2017 22:05:20 +0200
Subject: [PATCH] re PR sanitizer/80973 (ICE with lambda and
 -fsanitize=undefined)

	PR c++/80973
	* cp-gimplify.c (cp_genericize_r): Don't instrument MEM_REF second
	argument even if it has REFERENCE_TYPE.

	* g++.dg/ubsan/pr80973.C: New test.

From-SVN: r249174
---
 gcc/cp/ChangeLog                     |  4 ++++
 gcc/cp/cp-gimplify.c                 | 10 ++++++++++
 gcc/testsuite/ChangeLog              |  3 +++
 gcc/testsuite/g++.dg/ubsan/pr80973.C | 16 ++++++++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 gcc/testsuite/g++.dg/ubsan/pr80973.C

diff --git a/gcc/cp/ChangeLog b/gcc/cp/ChangeLog
index ae91a9ddbf6..ca0f9b20014 100644
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
@@ -1,5 +1,9 @@
 2017-06-13  Jakub Jelinek  <jakub@redhat.com>
 
+	PR c++/80973
+	* cp-gimplify.c (cp_genericize_r): Don't instrument MEM_REF second
+	argument even if it has REFERENCE_TYPE.
+
 	PR c++/80984
 	* cp-gimplify.c (cp_genericize): Only look for VAR_DECLs in
 	BLOCK_VARS (outer) chain.
diff --git a/gcc/cp/cp-gimplify.c b/gcc/cp/cp-gimplify.c
index d5462087598..a0abd51440d 100644
--- a/gcc/cp/cp-gimplify.c
+++ b/gcc/cp/cp-gimplify.c
@@ -1450,6 +1450,16 @@ cp_genericize_r (tree *stmt_p, int *walk_subtrees, void *data)
       *stmt_p = cplus_expand_constant (stmt);
       *walk_subtrees = 0;
     }
+  else if (TREE_CODE (stmt) == MEM_REF)
+    {
+      /* For MEM_REF, make sure not to sanitize the second operand even
+         if it has reference type.  It is just an offset with a type
+	 holding other information.  There is no other processing we
+	 need to do for INTEGER_CSTs, so just ignore the second argument
+	 unconditionally.  */
+      cp_walk_tree (&TREE_OPERAND (stmt, 0), cp_genericize_r, data, NULL);
+      *walk_subtrees = 0;
+    }
   else if (sanitize_flags_p ((SANITIZE_NULL
 			      | SANITIZE_ALIGNMENT | SANITIZE_VPTR))
 	   && !wtd->no_sanitize_p)
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 5164fa987b8..f32b8c82586 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,5 +1,8 @@
 2017-06-13  Jakub Jelinek  <jakub@redhat.com>
 
+	PR c++/80973
+	* g++.dg/ubsan/pr80973.C: New test.
+
 	PR c++/80984
 	* g++.dg/opt/nrv18.C: New test.
 
diff --git a/gcc/testsuite/g++.dg/ubsan/pr80973.C b/gcc/testsuite/g++.dg/ubsan/pr80973.C
new file mode 100644
index 00000000000..b534fdbab6f
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/pr80973.C
@@ -0,0 +1,16 @@
+// PR c++/80973
+// { dg-do compile }
+// { dg-options "-fsanitize=undefined -std=c++14" }
+
+struct A {
+  A();
+  A(const A &);
+};
+struct B {
+  B();
+  template <typename... Args> auto g(Args &&... p1) {
+    return [=] { f(p1...); };
+  }
+  void f(A, const char *);
+};
+B::B() { g(A(), ""); }
-- 
2.30.2