[libcxxabi] r309520 - [demangler] Fix some bugs in r309340 found by oss-fuzz
Erik Pilkington via cfe-commits
cfe-commits at lists.llvm.org
Sun Jul 30 13:09:55 PDT 2017
Author: epilk
Date: Sun Jul 30 13:09:55 2017
New Revision: 309520
URL: http://llvm.org/viewvc/llvm-project?rev=309520&view=rev
Log:
[demangler] Fix some bugs in r309340 found by oss-fuzz
Modified:
libcxxabi/trunk/src/cxa_demangle.cpp
libcxxabi/trunk/test/test_demangle.pass.cpp
Modified: libcxxabi/trunk/src/cxa_demangle.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/src/cxa_demangle.cpp?rev=309520&r1=309519&r2=309520&view=diff
==============================================================================
--- libcxxabi/trunk/src/cxa_demangle.cpp (original)
+++ libcxxabi/trunk/src/cxa_demangle.cpp Sun Jul 30 13:09:55 2017
@@ -2871,7 +2871,7 @@ parse_new_expr(const char* first, const
return first;
t = t1;
}
- if (first_expr_in_list < db.names.size())
+ if (first_expr_in_list > db.names.size())
return first;
ExprList = db.popTrailingNodeArray(first_expr_in_list);
++t;
@@ -2892,7 +2892,7 @@ parse_new_expr(const char* first, const
return first;
t = t1;
}
- if (init_list_begin < db.names.size())
+ if (init_list_begin > db.names.size())
return first;
init_list = db.popTrailingNodeArray(init_list_begin);
}
@@ -2924,7 +2924,7 @@ parse_conversion_expr(const char* first,
db.try_to_parse_template_args = try_to_parse_template_args;
if (t != first+2 && t != last)
{
- size_t ExprList_begin = db.names.size();
+ size_t expr_list_begin = db.names.size();
if (*t != '_')
{
const char* t1 = parse_expression(t, last, db);
@@ -2949,13 +2949,14 @@ parse_conversion_expr(const char* first,
}
++t;
}
- if (db.names.size() < ExprList_begin)
+ if (db.names.size() < expr_list_begin ||
+ type_begin > expr_list_begin)
return first;
NodeArray expressions = db.makeNodeArray(
- db.names.begin() + (long)ExprList_begin, db.names.end());
+ db.names.begin() + (long)expr_list_begin, db.names.end());
NodeArray types = db.makeNodeArray(
db.names.begin() + (long)type_begin,
- db.names.begin() + (long)ExprList_begin);
+ db.names.begin() + (long)expr_list_begin);
auto* conv_expr = db.make<ConversionExpr>(
types, expressions);
db.names.erase(
@@ -3057,7 +3058,7 @@ parse_function_type(const char* first, c
return first;
t = t1;
}
- if (db.names.empty())
+ if (db.names.empty() || params_begin > db.names.size())
return first;
Node* fty = db.make<FunctionType>(
ret_type, db.popTrailingNodeArray(params_begin));
@@ -5140,6 +5141,8 @@ parse_template_args(const char* first, c
}
t = t1;
}
+ if (begin_idx > db.names.size())
+ return first;
first = t + 1;
TemplateParams* tp = db.make<TemplateParams>(
db.popTrailingNodeArray(begin_idx));
@@ -5207,6 +5210,8 @@ parse_nested_name(const char* first, con
t1 = parse_substitution(t0, last, db);
if (t1 != t0 && t1 != last)
{
+ if (db.names.size() < 2)
+ return first;
auto name = db.names.back();
db.names.pop_back();
if (db.names.back()->K != Node::KEmptyName)
@@ -5229,6 +5234,8 @@ parse_nested_name(const char* first, con
t1 = parse_template_param(t0, last, db);
if (t1 != t0 && t1 != last)
{
+ if (db.names.size() < 2)
+ return first;
auto name = db.names.back();
db.names.pop_back();
if (db.names.back()->K != Node::KEmptyName)
@@ -5249,6 +5256,8 @@ parse_nested_name(const char* first, con
t1 = parse_decltype(t0, last, db);
if (t1 != t0 && t1 != last)
{
+ if (db.names.size() < 2)
+ return first;
auto name = db.names.back();
db.names.pop_back();
if (db.names.back()->K != Node::KEmptyName)
@@ -5267,6 +5276,8 @@ parse_nested_name(const char* first, con
t1 = parse_template_args(t0, last, db);
if (t1 != t0 && t1 != last)
{
+ if (db.names.size() < 2)
+ return first;
auto name = db.names.back();
db.names.pop_back();
db.names.back() = db.make<NameWithTemplateArgs>(
@@ -5288,6 +5299,8 @@ parse_nested_name(const char* first, con
t1 = parse_unqualified_name(t0, last, db);
if (t1 != t0 && t1 != last)
{
+ if (db.names.size() < 2)
+ return first;
auto name = db.names.back();
db.names.pop_back();
if (db.names.back()->K != Node::KEmptyName)
Modified: libcxxabi/trunk/test/test_demangle.pass.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/test/test_demangle.pass.cpp?rev=309520&r1=309519&r2=309520&view=diff
==============================================================================
--- libcxxabi/trunk/test/test_demangle.pass.cpp (original)
+++ libcxxabi/trunk/test/test_demangle.pass.cpp Sun Jul 30 13:09:55 2017
@@ -29669,6 +29669,13 @@ const char* invalid_cases[] =
"Z1JIJ1_T_EE3o00EUlT_E0",
"___Z2i_D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
"ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_Dv_Dv_Dv_Dv_dZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_Dv_Dv_Dv_Dv_d",
+ "Z1 Z1 IJEEAcvZcvT_EcvT_T_",
+ "T_IZaaIJEEAnaaaT_T__",
+ "PT_IJPNT_IJEET_T_T_T_)J)JKE",
+ "1 IJEVNT_T_T_EE",
+ "AT__ZSiIJEEAnwscT_T__",
+ "FSiIJEENT_IoE ",
+ "ZTVSiIZTVSiIZTVSiIZTVSiINIJEET_T_T_T_T_ ",
};
const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);
More information about the cfe-commits
mailing list