<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/129970">129970</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Can StringByteSize in demangleStringLiteral in MicrosoftDemangle.cpp overflow?
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
shafik
</td>
</tr>
</table>
<pre>
A static analysis tool flagged this line for possible overflow:
https://github.com/llvm/llvm-project/blob/213028556419cb734be5aadcfd9798b40a8ebc31/llvm/lib/Demangle/MicrosoftDemangle.cpp#L1382
as a possible overflow risk. I can see that we used to check but switched to checking `MangledName.size() < 2` w/ this commit: a0ac65c98f281
The relationship between `MangledName.size()` and `StringByteSize` does not look like it is verified, although the assumption seems to be that it will be at least as large as `MangledName.size()`.
The question is whether `StringByteSize` could ever have a value of `1` or `0` before decrementing by `2` and therefore overflowing to max unsigned value or max unsigned value - 1.
</pre>
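<p>Added example, not part of the original issue and not LLVM's code: a simplified model of the pattern the report asks about, where a declared byte count is decremented by 2 for each unit consumed while only the input length is checked. The function names, the <code>'@'</code> terminator handling and the sample inputs are assumptions constructed for illustration.</p>

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical model: declaredBytes plays the role of StringByteSize and
// `in` the role of MangledName. Units are 2 bytes; '@' ends the literal.

// Unchecked: validates only the remaining input, never the declared count.
uint64_t remainingUnchecked(uint64_t declaredBytes, const std::string &in) {
  size_t pos = 0;
  while (pos < in.size() && in[pos] != '@') {
    if (in.size() - pos < 2)
      break;             // input-side check only
    pos += 2;
    declaredBytes -= 2;  // wraps modulo 2^64 when declaredBytes is 0 or 1
  }
  return declaredBytes;
}

// Checked: every consumed unit must also be covered by the declared count.
// Returns false (and leaves `out` untouched) when the two disagree.
bool remainingChecked(uint64_t declaredBytes, const std::string &in,
                      uint64_t &out) {
  size_t pos = 0;
  while (pos < in.size() && in[pos] != '@') {
    if (in.size() - pos < 2 || declaredBytes < 2)
      return false;      // reject instead of wrapping
    pos += 2;
    declaredBytes -= 2;
  }
  out = declaredBytes;
  return true;
}

int main() {
  uint64_t left = 0;
  // Constructed input: two 2-byte units, but a declared size of only 2.
  std::printf("unchecked, declared 2: %llu\n",
              (unsigned long long)remainingUnchecked(2, "AABB@"));
  std::printf("checked,   declared 2: %s\n",
              remainingChecked(2, "AABB@", left) ? "accepted" : "rejected");
  return 0;
}
```

<p>Unsigned wraparound is well-defined in C++, so the unchecked variant does not crash; the risk is in any later logic that trusts the wrapped count.</p>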