2019-01-18  Jakub Jelinek  <jakub@redhat.com>

	PR sanitizer/88901
	* typeck.c (cp_build_binary_op): Don't instrument
	SANITIZE_POINTER_COMPARE if processing_template_decl.
	(pointer_diff): Similarly for SANITIZE_POINTER_SUBTRACT.

	* g++.dg/asan/pr88901.C: New test.

--- gcc/cp/typeck.c.jj	2019-01-18 09:13:58.580790058 +0100
+++ gcc/cp/typeck.c	2019-01-18 11:53:45.941734135 +0100
@@ -5233,6 +5233,7 @@ cp_build_binary_op (const op_location_t
 	}
 
       if ((code0 == POINTER_TYPE || code1 == POINTER_TYPE)
+	  && !processing_template_decl
 	  && sanitize_flags_p (SANITIZE_POINTER_COMPARE))
 	{
 	  op0 = save_expr (op0);
@@ -5650,7 +5651,8 @@ pointer_diff (location_t loc, tree op0,
   else
     inttype = restype;
 
-  if (sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
+  if (!processing_template_decl
+      && sanitize_flags_p (SANITIZE_POINTER_SUBTRACT))
     {
       op0 = save_expr (op0);
       op1 = save_expr (op1);
--- gcc/testsuite/g++.dg/asan/pr88901.C.jj	2019-01-18 11:55:42.398826983 +0100
+++ gcc/testsuite/g++.dg/asan/pr88901.C	2019-01-18 11:55:26.559086374 +0100
@@ -0,0 +1,13 @@
+// PR sanitizer/88901
+// { dg-do compile }
+// { dg-options "-fsanitize=address -fsanitize=pointer-compare" }
+
+template <typename T>
+struct A {
+  void foo() {
+    auto d = [](char *x, char *y) {
+      for (char *p = x; p + sizeof(T) <= y; p += sizeof(T))
+        reinterpret_cast<T *>(p)->~T();
+    };
+  }
+};