[libcxxabi] r184562 - I created a random mangled name generator and have thrown about 200 million random strings at the demangler. I succeeded in crashing it twice more and those crashers have been fixed and the test suite updated with the crash cases.

Howard Hinnant hhinnant at apple.com
Fri Jun 21 10:04:24 PDT 2013 

Author: hhinnant
Date: Fri Jun 21 12:04:24 2013
New Revision: 184562

URL: http://llvm.org/viewvc/llvm-project?rev=184562&view=rev
Log:
I created a random mangled name generator and have thrown about 200 million random strings at the demangler.  I succeeded in crashing it twice more and those crashers have been fixed and the test suite updated with the crash cases.

Modified:
    libcxxabi/trunk/src/cxa_demangle.cpp
    libcxxabi/trunk/test/test_demangle.cpp

Modified: libcxxabi/trunk/src/cxa_demangle.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/src/cxa_demangle.cpp?rev=184562&r1=184561&r2=184562&view=diff
==============================================================================
--- libcxxabi/trunk/src/cxa_demangle.cpp (original)
+++ libcxxabi/trunk/src/cxa_demangle.cpp Fri Jun 21 12:04:24 2013
@@ -1022,8 +1022,6 @@ parse_base_unresolved_name(const char* f
                         db.names.back().first += std::move(args);
                     }
                 }
-                else
-                    first = t;
             }
             else
             {
@@ -2071,7 +2069,7 @@ parse_type(const char* first, const char
                                 size_t k0 = db.names.size();
                                 t = parse_type(first+2, last, db);
                                 size_t k1 = db.names.size();
-                                if (t != first+1)
+                                if (t != first+2)
                                 {
                                     db.subs.emplace_back(db.names.get_allocator());
                                     for (size_t k = k0; k < k1; ++k)
@@ -3841,7 +3839,7 @@ parse_nested_name(const char* first, con
         }
         first = t0 + 1;
         db.cv = cv;
-        if (pop_subs)
+        if (pop_subs && !db.subs.empty())
             db.subs.pop_back();
     }
     return first;

Modified: libcxxabi/trunk/test/test_demangle.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/test/test_demangle.cpp?rev=184562&r1=184561&r2=184562&view=diff
==============================================================================
--- libcxxabi/trunk/test/test_demangle.cpp (original)
+++ libcxxabi/trunk/test/test_demangle.cpp Fri Jun 21 12:04:24 2013
@@ -29591,6 +29591,8 @@ const char* invalid_cases[] =
 {
     "_ZIPPreEncode",
     "Agentt",
+    "NSoERj5E=Y1[uM:ga",
+    "Aon_PmKVPDk7?fg4XP5smMUL6;<WsI_mgbf23cCgsHbT<l8EE\0uVRkNOoXDrgdA4[8IU>Vl<>IL8ayHpiVDDDXTY;^o9;i",
 };
 
 const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);

More information about the cfe-commits mailing list