[libcxxabi] r338190 - [demangler] Fix an oss-fuzz bug from r338138
Erik Pilkington via cfe-commits
cfe-commits at lists.llvm.org
Fri Jul 27 21:06:30 PDT 2018
Author: epilk
Date: Fri Jul 27 21:06:30 2018
New Revision: 338190
URL: http://llvm.org/viewvc/llvm-project?rev=338190&view=rev
Log:
[demangler] Fix an oss-fuzz bug from r338138
Stack overflow on invalid. While collapsing references, we were skipping over a
cycle check in ForwardTemplateReference leading to a stack overflow. This commit
fixes the problem by duplicating the cycle check in ReferenceType.
Modified:
libcxxabi/trunk/src/cxa_demangle.cpp
Modified: libcxxabi/trunk/src/cxa_demangle.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxxabi/trunk/src/cxa_demangle.cpp?rev=338190&r1=338189&r2=338190&view=diff
==============================================================================
--- libcxxabi/trunk/src/cxa_demangle.cpp (original)
+++ libcxxabi/trunk/src/cxa_demangle.cpp Fri Jul 27 21:06:30 2018
@@ -461,6 +461,8 @@ class ReferenceType : public Node {
const Node *Pointee;
ReferenceKind RK;
+ mutable bool Printing = false;
+
// Dig through any refs to refs, collapsing the ReferenceTypes as we go. The
// rule here is rvalue ref to rvalue ref collapses to a rvalue ref, and any
// other combination collapses to a lvalue ref.
@@ -487,6 +489,9 @@ public:
}
void printLeft(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
Collapsed.second->printLeft(s);
if (Collapsed.second->hasArray(s))
@@ -497,6 +502,9 @@ public:
s += (Collapsed.first == ReferenceKind::LValue ? "&" : "&&");
}
void printRight(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
if (Collapsed.second->hasArray(s) || Collapsed.second->hasFunction(s))
s += ")";
More information about the cfe-commits
mailing list