From a09581b84eea893c779a8422abecc95d1262f344 Mon Sep 17 00:00:00 2001
From: Stephen Heumann
Date: Mon, 16 Dec 2019 17:13:14 -0600
Subject: [PATCH] Fix crash or error in certain cases when using common subexpression elimination.

In certain rare cases, constant subexpression elimination could set the left subtree of a pc_bno operation in the intermediate code to nil. This could lead to null pointer dereferences, sometimes resulting in a crash or error during native code generation.

The below program sometimes demonstrates the problem (dependent on zero page contents):

#pragma optimize 16
struct F {int *p;};
void foo(struct F* f) { struct {int c;} s = {0}; ++f->p; s.c |= *--f->p; }
---
 DAG.pas | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/DAG.pas b/DAG.pas
index 901b49b..9def4bf 100644
--- a/DAG.pas
+++ b/DAG.pas
@@ -2531,6 +2531,11 @@ var
 end {if}
 else
 op2 := op3^.left;
+ if op2 = nil then begin
+ op2 := pointer(Calloc(sizeof(intermediate_code)));
+ op2^.opcode := pc_nop;
+ op2^.optype := cgWord;
+ end; {if}
 op1^.left := op3; {place in the new location}
 end; {Combine}
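Review bot: The result of `Calloc` on the second added line is dereferenced by the following two assignments without a nil check, so if this Calloc can return nil on exhaustion (as the C-library one does) the patch replaces one null dereference with another on a low-memory path; if other allocation sites in DAG.pas check the result, this one should match them, and if Calloc is known to abort instead of returning nil, a short comment stating that assumption would save the next reader the same question. The placeholder also deserves a why-comment, e.g. `{CSE may have removed the left operand of this pc_bno; give the back end a nop so it never sees a nil subtree}`, because the root cause (CSE producing the nil) is not addressed here and nothing on these lines explains why a nil is legitimate. Calloc zeroes the record, so every other field of the new node, including its pointer fields, starts out zero/nil; whether the native code generator accepts a pc_nop with optype cgWord as the left operand of a pc_bno is not visible in this hunk and should be confirmed against the code-generation pass. The enclosing procedure Combine begins before this hunk.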