<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">This fixes all the crashers on Darwin (clang+libc++) that I could reproduce with ASAN+libFuzzer.<div class="">It does not mean that there are no leaks, or that you won’t find more crashes with libstdc++ for instance.</div><div class=""><br class=""></div><div class="">— </div><div class="">Mehdi</div><div class=""><br class=""><div class=""><div><blockquote type="cite" class=""><div class="">On Aug 12, 2016, at 5:21 PM, Kostya Serebryany <<a href="mailto:kcc@google.com" class="">kcc@google.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Sweet! <div class="">Did you fix all of the known crashers? </div><div class=""><br class=""></div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Aug 12, 2016 at 5:02 PM, Mehdi Amini via cfe-commits <span dir="ltr" class=""><<a href="mailto:cfe-commits@lists.llvm.org" target="_blank" class="">cfe-commits@lists.llvm.org</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: mehdi_amini<br class="">
Date: Fri Aug 12 19:02:33 2016<br class="">
New Revision: 278579<br class="">
<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=278579&view=rev" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-<wbr class="">project?rev=278579&view=rev</a><br class="">
Log:<br class="">
Fix ASAN failures in the demangler<br class="">
<br class="">
These were found fuzzing with ASAN.<br class="">
<br class="">
Modified:<br class="">
libcxxabi/trunk/src/cxa_<wbr class="">demangle.cpp<br class="">
libcxxabi/trunk/test/test_<wbr class="">demangle.pass.cpp<br class="">
<br class="">
Modified: libcxxabi/trunk/src/cxa_<wbr class="">demangle.cpp<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/src/cxa_demangle.cpp?rev=278579&r1=278578&r2=278579&view=diff" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-<wbr class="">project/libcxxabi/trunk/src/<wbr class="">cxa_demangle.cpp?rev=278579&<wbr class="">r1=278578&r2=278579&view=diff</a><br class="">
==============================<wbr class="">==============================<wbr class="">==================<br class="">
--- libcxxabi/trunk/src/cxa_<wbr class="">demangle.cpp (original)<br class="">
+++ libcxxabi/trunk/src/cxa_<wbr class="">demangle.cpp Fri Aug 12 19:02:33 2016<br class="">
@@ -624,6 +624,8 @@ parse_const_cast_expr(const char* first,<br class="">
return first;<br class="">
auto expr = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back() = "const_cast<" + db.names.back().move_full() + ">(" + expr + ")";<br class="">
first = t1;<br class="">
}<br class="">
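Review bot: The new guard runs after `db.names.pop_back()`, so on the failure path the function has already consumed the expression entry before returning `first`, and the caller sees a failed parse together with a name stack it did not expect to shrink. Checking the invariant before anything is moved, `if (db.names.size() < 2) return first;` in place of the post-pop check, keeps the bail-out from mutating state it does not own, which is what the `size() < 2` guard added to parse_expression later in this same commit already does. The same post-pop pattern is repeated in parse_dynamic_cast_expr, parse_reinterpret_cast_expr, parse_dot_expr, every parse_nested_name hunk, both parse_local_name hunks, both parse_name hunks, parse_special_name and the first parse_encoding hunk; one shared early check would fix them all consistently. The enclosing parse_const_cast_expr begins before this hunk.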
@@ -650,6 +652,8 @@ parse_dynamic_cast_expr(const char* firs<br class="">
return first;<br class="">
auto expr = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back() = "dynamic_cast<" + db.names.back().move_full() + ">(" + expr + ")";<br class="">
first = t1;<br class="">
}<br class="">
@@ -676,6 +680,8 @@ parse_reinterpret_cast_expr(<wbr class="">const char*<br class="">
return first;<br class="">
auto expr = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back() = "reinterpret_cast<" + db.names.back().move_full() + ">(" + expr + ")";<br class="">
first = t1;<br class="">
}<br class="">
@@ -1294,6 +1300,8 @@ parse_dot_expr(const char* first, const<br class="">
return first;<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first += "." + name;<br class="">
first = t1;<br class="">
}<br class="">
@@ -2896,6 +2904,8 @@ base_name(String& s)<br class="">
++c;<br class="">
}<br class="">
}<br class="">
+ if (pe - pf <= 1)<br class="">
+ return String();<br class="">
const char* p0 = pe - 1;<br class="">
for (; p0 != pf; --p0)<br class="">
{<br class="">
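Review bot: The bound `pe - pf <= 1` also covers the `pe - pf == 1` case, which the old code handled by letting the loop on the next line not execute and presumably returning the single character; with this change a one-character base name now yields an empty `String()`, which looks like a behavioural change beyond the crash fix. If single-character names are legal here, `if (pe == pf) return String();` is enough to keep `pe - 1` from stepping before the buffer — confirm against the test suite. The rest of base_name, including what is returned after the loop, is outside the hunk.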
@@ -3016,7 +3026,8 @@ parse_unnamed_type_name(const char* firs<br class="">
const char* t1 = parse_type(t0, last, db);<br class="">
if (t1 == t0)<br class="">
{<br class="">
- db.names.pop_back();<br class="">
+ if(!db.names.empty())<br class="">
+ db.names.pop_back();<br class="">
return first;<br class="">
}<br class="">
if (db.names.size() < 2)<br class="">
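Review bot: The added `if(!db.names.empty())` omits the space that every other conditional in this file uses (`if (t1 == t0)` and `if (db.names.size() < 2)` in this same hunk); the same spelling appears in the two later parse_unnamed_type_name hunks and in the `else if(!db.names.empty())` of parse_binary_expression. Beyond formatting, four separately guarded pops on the failure paths of one function suggest the function no longer knows what it has pushed; recording `const size_t saved = db.names.size();` at entry and truncating back to it on each early return would make the cleanup uniform and remove the per-site guards. parse_unnamed_type_name begins before this hunk.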
@@ -3041,17 +3052,21 @@ parse_unnamed_type_name(const char* firs<br class="">
}<br class="">
t0 = t1;<br class="">
}<br class="">
+ if(db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first.append("<wbr class="">)");<br class="">
}<br class="">
if (t0 == last || *t0 != 'E')<br class="">
{<br class="">
+ if(!db.names.empty())<br class="">
db.names.pop_back();<br class="">
return first;<br class="">
}<br class="">
++t0;<br class="">
if (t0 == last)<br class="">
{<br class="">
- db.names.pop_back();<br class="">
+ if(!db.names.empty())<br class="">
+ db.names.pop_back();<br class="">
return first;<br class="">
}<br class="">
if (std::isdigit(*t0))<br class="">
@@ -3064,7 +3079,8 @@ parse_unnamed_type_name(const char* firs<br class="">
}<br class="">
if (t0 == last || *t0 != '_')<br class="">
{<br class="">
- db.names.pop_back();<br class="">
+ if(!db.names.empty())<br class="">
+ db.names.pop_back();<br class="">
return first;<br class="">
}<br class="">
first = t0 + 1;<br class="">
@@ -3251,7 +3267,7 @@ parse_binary_expression(const char* firs<br class="">
nm += ')';<br class="">
first = t2;<br class="">
}<br class="">
- else<br class="">
+ else if(!db.names.empty())<br class="">
db.names.pop_back();<br class="">
}<br class="">
return first;<br class="">
@@ -3490,7 +3506,7 @@ parse_expression(const char* first, cons<br class="">
db.names.back() = "(" + op1 + ")[" + op2 + "]";<br class="">
first = t2;<br class="">
}<br class="">
- else<br class="">
+ else if (!db.names.empty())<br class="">
db.names.pop_back();<br class="">
}<br class="">
}<br class="">
@@ -3686,11 +3702,13 @@ parse_expression(const char* first, cons<br class="">
}<br class="">
else<br class="">
{<br class="">
+ if (db.names.size() < 2)<br class="">
+ return first;<br class="">
db.names.pop_back();<br class="">
db.names.pop_back();<br class="">
}<br class="">
}<br class="">
- else<br class="">
+ else if (!db.names.empty())<br class="">
db.names.pop_back();<br class="">
}<br class="">
}<br class="">
@@ -3879,8 +3897,9 @@ parse_template_args(const char* first, c<br class="">
args += ", ";<br class="">
args += db.names[k].move_full();<br class="">
}<br class="">
- for (; k1 != k0; --k1)<br class="">
- db.names.pop_back();<br class="">
+ for (; k1 > k0; --k1)<br class="">
+ if (!db.names.empty())<br class="">
+ db.names.pop_back();<br class="">
t = t1;<br class="">
}<br class="">
first = t + 1;<br class="">
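Review bot: The loop now keeps iterating while `k1 > k0` even once `db.names` is empty, so an invariant violation (more expected entries than the stack holds) is silently tolerated here, whereas the equivalent pop loop in the second parse_encoding hunk of this commit returns `first` at the same condition after popping only part of the range; the two sites should handle the mismatch the same way. Assuming `k0` is the name count recorded before the argument parse, a bounded erase states the intent in one step, `if (k0 < db.names.size()) db.names.erase(db.names.begin() + static_cast<ptrdiff_t>(k0), db.names.end());`, and needs no per-iteration guard. parse_template_args begins before this hunk.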
@@ -3959,6 +3978,8 @@ parse_nested_name(const char* first, con<br class="">
{<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
if (!db.names.back().first.empty(<wbr class="">))<br class="">
{<br class="">
db.names.back().first += "::" + name;<br class="">
@@ -3978,6 +3999,8 @@ parse_nested_name(const char* first, con<br class="">
{<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
if (!db.names.back().first.empty(<wbr class="">))<br class="">
db.names.back().first += "::" + name;<br class="">
else<br class="">
@@ -3997,6 +4020,8 @@ parse_nested_name(const char* first, con<br class="">
{<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
if (!db.names.back().first.empty(<wbr class="">))<br class="">
db.names.back().first += "::" + name;<br class="">
else<br class="">
@@ -4014,6 +4039,8 @@ parse_nested_name(const char* first, con<br class="">
{<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first += name;<br class="">
db.subs.push_back(typename C::sub_type(1, db.names.back(), db.names.get_allocator()));<br class="">
t0 = t1;<br class="">
@@ -4033,6 +4060,8 @@ parse_nested_name(const char* first, con<br class="">
{<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
if (!db.names.back().first.empty(<wbr class="">))<br class="">
db.names.back().first += "::" + name;<br class="">
else<br class="">
@@ -4130,11 +4159,13 @@ parse_local_name(const char* first, cons<br class="">
return first;<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first.append("<wbr class="">::");<br class="">
db.names.back().first.append(<wbr class="">name);<br class="">
first = t1;<br class="">
}<br class="">
- else<br class="">
+ else if (!db.names.empty())<br class="">
db.names.pop_back();<br class="">
}<br class="">
}<br class="">
@@ -4151,10 +4182,12 @@ parse_local_name(const char* first, cons<br class="">
return first;<br class="">
auto name = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first.append("<wbr class="">::");<br class="">
db.names.back().first.append(<wbr class="">name);<br class="">
}<br class="">
- else<br class="">
+ else if (!db.names.empty())<br class="">
db.names.pop_back();<br class="">
}<br class="">
break;<br class="">
@@ -4219,6 +4252,8 @@ parse_name(const char* first, const char<br class="">
return first;<br class="">
auto tmp = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first += tmp;<br class="">
first = t1;<br class="">
if (ends_with_template_args)<br class="">
@@ -4241,6 +4276,8 @@ parse_name(const char* first, const char<br class="">
return first;<br class="">
auto tmp = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first += tmp;<br class="">
first = t1;<br class="">
if (ends_with_template_args)<br class="">
@@ -4399,6 +4436,8 @@ parse_special_name(const char* first, co<br class="">
return first;<br class="">
auto left = db.names.back().move_full();<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.back().first = "construction vtable for " +<br class="">
std::move(left) + "-in-" +<br class="">
db.names.back().move_full();<br class="">
@@ -4538,6 +4577,9 @@ parse_encoding(const char* first, const<br class="">
if (ret2.empty())<br class="">
ret1 += ' ';<br class="">
db.names.pop_back();<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
+<br class="">
db.names.back().first.insert(<wbr class="">0, ret1);<br class="">
t = t2;<br class="">
}<br class="">
@@ -4565,8 +4607,11 @@ parse_encoding(const char* first, const<br class="">
tmp += ", ";<br class="">
tmp += db.names[k].move_full();<br class="">
}<br class="">
- for (size_t k = k0; k < k1; ++k)<br class="">
+ for (size_t k = k0; k < k1; ++k) {<br class="">
+ if (db.names.empty())<br class="">
+ return first;<br class="">
db.names.pop_back();<br class="">
+ }<br class="">
if (!tmp.empty())<br class="">
{<br class="">
if (db.names.empty())<br class="">
<br class="">
Modified: libcxxabi/trunk/test/test_<wbr class="">demangle.pass.cpp<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/test/test_demangle.pass.cpp?rev=278579&r1=278578&r2=278579&view=diff" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-<wbr class="">project/libcxxabi/trunk/test/<wbr class="">test_demangle.pass.cpp?rev=<wbr class="">278579&r1=278578&r2=278579&<wbr class="">view=diff</a><br class="">
==============================<wbr class="">==============================<wbr class="">==================<br class="">
--- libcxxabi/trunk/test/test_<wbr class="">demangle.pass.cpp (original)<br class="">
+++ libcxxabi/trunk/test/test_<wbr class="">demangle.pass.cpp Fri Aug 12 19:02:33 2016<br class="">
@@ -29591,6 +29591,7 @@ const char* cases[][2] =<br class="">
{"_ZZ4testvEN1g3fooE5Point", "test()::g::foo(Point)"},<br class="">
{"_ZThn12_NSt9strstreamD0Ev", "non-virtual thunk to std::strstream::~strstream()"}<wbr class="">,<br class="">
{"_ZTv0_n12_NSt9strstreamD0Ev"<wbr class="">, "virtual thunk to std::strstream::~strstream()"}<wbr class="">,<br class="">
+ {"\x6D", "unsigned long"}, // This use to crash with ASAN<br class="">
};<br class="">
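Review bot: The comment on the added case reads `// This use to crash with ASAN`; `// This used to crash with ASAN` is intended. It would also help a later reader to name the parser the input exercised, e.g. `// "\x6D" alone used to crash parse_encoding under ASAN` if that is where it failed — confirm from the original report.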
<br class="">
const unsigned N = sizeof(cases) / sizeof(cases[0]);<br class="">
@@ -29636,6 +29637,21 @@ const char* invalid_cases[] =<br class="">
#if !LDBL_FP80<br class="">
"_ZN5test01hIfEEvRAcvjplstT_<wbr class="">Le4001a000000000000000E_c",<br class="">
#endif<br class="">
+ // The following test cases were found by libFuzzer+ASAN<br class="">
+ "\x44\x74\x70\x74\x71\x75\x34\<wbr class="">x43\x41\x72\x4D\x6E\x65\x34\<wbr class="">x9F\xC1\x43\x41\x72\x4D\x6E\<wbr class="">x77\x38\x9A\x8E\x44\x6F\x64\<wbr class="">x6C\x53\xF9\x5F\x70\x74\x70\<wbr class="">x69\x45\x34\xD3\x73\x9E\x2A\<wbr class="">x37",<br class="">
+ "\x4D\x41\x72\x63\x4E\x39\x44\<wbr class="">x76\x72\x4D\x34\x44\x53\x4B\<wbr class="">x6F\x44\x54\x6E\x61\x37\x47\<wbr class="">x77\x78\x38\x43\x27\x41\x5F\<wbr class="">x73\x70\x69\x45*",<br class="">
+ "\x41\x64\x6E\x32*",<br class="">
+ "\x43\x46\x41\x67\x73*",<br class="">
+ "\x72\x3A\x4E\x53\x64\x45\x39\<wbr class="">x4F\x52\x4E\x1F\x43\x34\x64\<wbr class="">x54\x5F\x49\x31\x41\x63\x6C\<wbr class="">x37\x2A\x4D\x41\x67\x73\x76\<wbr class="">x43\x54\x35\x5F\x49\x4B\x4C\<wbr class="">x55\x6C\x73\x4C\x38\x64\x43\<wbr class="">x41\x47\x4C\x5A\x28\x4F\x41\<wbr class="">x6E\x77\x5F\x53\x6F\x70\x69\<wbr class="">x45\x5F\x63\x47\x61\x4C\x31\<wbr class="">x4F\x4C\x33\x3E\x41\x4C\x4B\<wbr class="">x4C\x55\x6C\x73\x4C\x38\x64\<wbr class="">x43\x66\x41\x47\x4C\x5A\x28\<wbr class="">x4F\x41\x6E\x77\x5F\x53\x6F\<wbr class="">x70\x69\x45\x5F\x37\x41*",<br class="">
+ "\x2D\x5F\x63\x47\x4F\x63\xD3"<wbr class="">,<br class="">
+ "\x44\x74\x70\x74\x71\x75\x32\<wbr class="">x43\x41\x38\x65\x6E\x9B\x72\<wbr class="">x4D\xC1\x43\x41\x72\x4D\x6E\<wbr class="">x77\x38\x9A\x8E\x44\x6F\x64\<wbr class="">xC3\x53\xF9\x5F\x70\x74\x70\<wbr class="">x69\x45\x38\xD3\x73\x9E\x2A\<wbr class="">x37",<br class="">
+ "\x4C\x5A\x4C\x55\x6C\x4D\x41\<wbr class="">x5F\x41\x67\x74\x71\x75\x34\<wbr class="">x4D\x41\x64\x73\x4C\x44\x76\<wbr class="">x72\x4D\x34\x44\x4B\x44\x54\<wbr class="">x6E\x61\x37\x47\x77\x78\x38\<wbr class="">x43\x27\x41\x5F\x73\x70\x69\<wbr class="">x45\x6D\x73\x72\x53\x41\x6F\<wbr class="">x41\x7B",<br class="">
+ "\x44\x74\x70\x74\x71\x75\x32\<wbr class="">x43\x41\x38\x65\x6E\x9B\x72\<wbr class="">x4D\xC1\x43\x41\x72\x4D\x6E\<wbr class="">x77\x38\x9A\x8E\x44\x6F\x64\<wbr class="">x2C\x53\xF9\x5F\x70\x74\x70\<wbr class="">x69\x45\xB4\xD3\x73\x9F\x2A\<wbr class="">x37",<br class="">
+ "\x4C\x5A\x4C\x55\x6C\x69\x4D\<wbr class="">x73\x72\x53\x6F\x7A\x41\x5F\<wbr class="">x41\x67\x74\x71\x75\x32\x4D\<wbr class="">x41\x64\x73\x39\x28\x76\x72\<wbr class="">x4D\x34\x44\x4B\x45\x54\x6E\<wbr class="">x61\x37\x47\x77\x78\x38\x43\<wbr class="">x27\x41\x5F\x73\x70\x69\x45\<wbr class="">x6F\x45\x49\x6D\x1A\x4C\x53\<wbr class="">x38\x6A\x7A\x5A",<br class="">
+ "\x44\x74\x63*",<br class="">
+ "\x44\x74\x71\x75\x35\x2A\xDF\<wbr class="">x74\x44\x61\x73\x63\x35\x2A\<wbr class="">x3B\x41\x72\x4D\x6E\x65\x34\<wbr class="">x9F\xC1\x63\x41\x72\x4D\x6E\<wbr class="">x77\x38\x9A\x8E\x44\x6F\x64\<wbr class="">x6C\x53\xF9\x5F\x70\x74\x70\<wbr class="">x69\x45\x33\x44\x76\x35",<br class="">
+ "\x44\x74\x70\x74\x71\x75\x32\<wbr class="">x43\x41\x38\x65\x6E\x9B\x72\<wbr class="">x4D\xC1\x43\x41\x72\x4D\x6E\<wbr class="">x77\x38\x9A\x8E\x44\x6F\x64\<wbr class="">x6C\x53\xF9\x5F\x70\x74\x70\<wbr class="">x69\x45\x38\xD3\x73\x9E\x2A\<wbr class="">x37",<br class="">
+ "\x46\x44\x74\x70\x74\x71\x75\<wbr class="">x32\x43\x41\x72\x4D\x6E\x65\<wbr class="">x34\x9F\xC1\x43\x41\x72\x4D\<wbr class="">x6E\x77\x38\x9A\x8E\x44\x6F\<wbr class="">x64\x6C\x53\xF9\x5F\x70\x74\<wbr class="">x70\x69\x45\x34\xD3\x73\x9E\<wbr class="">x2A\x37\x72\x33\x8E\x3A\x29\<wbr class="">x8E\x44\x35",<br class="">
};<br class="">
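Review bot: The new invalid_cases entries are raw fuzzer byte strings with no indication of which parser path each one guarded, so a future refactor cannot tell whether a regression here is the crash this commit fixed or an unrelated failure. A one-line comment per entry naming the function that faulted (for instance `// parse_nested_name: pop on empty names`) would keep the inputs meaningful; the byte values themselves should stay exactly as recorded.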
<br class="">
const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);<br class="">
<br class="">
<br class="">
</blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></body></html>