From 11a4714860d2df6ba496d55379e7dc702d5fc425 Mon Sep 17 00:00:00 2001
From: Richard Biener
Date: Fri, 15 Oct 2021 08:41:57 +0200
Subject: [PATCH] ipa/102762 - fix ICE with invalid __builtin_va_arg_pack () use We have to be careful to not break the argument space calculation. If there's not enough arguments just do not append any. 2021-10-15 Richard Biener PR ipa/102762 * tree-inline.c (copy_bb): Avoid underflowing nargs. * gcc.dg/torture/pr102762.c: New testcase.
---
 gcc/testsuite/gcc.dg/torture/pr102762.c | 11 +++++++++++
 gcc/tree-inline.c | 8 +++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.dg/torture/pr102762.c
diff --git a/gcc/testsuite/gcc.dg/torture/pr102762.c b/gcc/testsuite/gcc.dg/torture/pr102762.c
new file mode 100644
index 00000000000..67c6b00ccea
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr102762.c
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* We fail to diagnose the invalid __builtin_va_arg_pack use with -flto. */
+/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */
+
+void log_bad_request();
+void foo(a, b)
+ int a, b;
+{
+ log_bad_request(0, __builtin_va_arg_pack()); /* { dg-error "invalid use" } */
+ foo(0);
+}
diff --git a/gcc/tree-inline.c b/gcc/tree-inline.c
index e292a144967..b2c58ac4c3b 100644
--- a/gcc/tree-inline.c
+++ b/gcc/tree-inline.c
@@ -2117,7 +2117,13 @@ copy_bb (copy_body_data *id, basic_block bb,
 size_t nargs = nargs_caller;
 for (p = DECL_ARGUMENTS (id->src_fn); p; p = DECL_CHAIN (p))
- nargs--;
+ {
+ /* Avoid crashing on invalid IL that doesn't have a
+ varargs function or that passes not enough arguments. */
+ if (nargs == 0)
+ break;
+ nargs--;
+ }
 /* Create the new array of arguments. */
 size_t nargs_callee = gimple_call_num_args (call_stmt);
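Review bot: The new testcase does not say which construct triggers the bug, so the reason for the K&R-style definition of `foo` and the short `foo(0)` call is easy to miss. A header comment such as `/* PR ipa/102762: foo (0) passes fewer arguments than foo declares, which used to underflow the argument count for __builtin_va_arg_pack during inlining. */` would record that. Since `dg-skip-if` drops every `-flto` variant, the no-ICE behaviour is presumably not exercised there; if that is intended, the existing `-flto` comment should say so.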
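Review bot: The comment added inside the loop does not say why running past zero is harmful: `nargs` is a `size_t`, so the old unconditional `nargs--` wrapped to a very large count instead of going negative, and the code after the hunk presumably uses that count to size and fill the new argument array. I would state that in the comment, e.g. `/* nargs is unsigned; stop at zero so that no '...' arguments are appended instead of wrapping around. */`. The guard also reads more directly as part of the loop condition, `for (p = DECL_ARGUMENTS (id->src_fn); p && nargs; p = DECL_CHAIN (p))` followed by `nargs--;`, which keeps the body a single statement. copy_bb starts and ends outside the hunk, so how `nargs` is consumed afterwards should be confirmed there.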