[llvm] r358421 - llvm-undname: Fix nullptr deref on invalid conversion operator names in template args
Nico Weber via llvm-commits
llvm-commits at lists.llvm.org
Mon Apr 15 09:42:44 PDT 2019
Author: nico
Date: Mon Apr 15 09:42:44 2019
New Revision: 358421
URL: http://llvm.org/viewvc/llvm-project?rev=358421&view=rev
Log:
llvm-undname: Fix nullptr deref on invalid conversion operator names in template args
A ConversionOperatorIdentifierNode has a TargetType which is read when
printing it, but if the ConversionOperatorIdentifierNode appears in a
template argument there's nothing that can provide the TargetType.
Normally the COIN is a symbol (leaf) name and takes its TargetType from the
symbol's type, but in a template argument context the COIN can only be
either a non-leaf name piece or a type, and must hence be invalid.
Similar to the COIN check in demangleDeclarator().
Found by oss-fuzz.
Modified:
llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp
llvm/trunk/test/Demangle/invalid-manglings.test
Modified: llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp?rev=358421&r1=358420&r2=358421&view=diff
==============================================================================
--- llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp (original)
+++ llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp Mon Apr 15 09:42:44 2019
@@ -947,8 +947,17 @@ Demangler::demangleTemplateInstantiation
if (Error)
return nullptr;
- if (NBB & NBB_Template)
+ if (NBB & NBB_Template) {
+ // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
+ // A conversion operator only makes sense in a leaf name , so reject it in
+ // NBB_Template contexts.
+ if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
+ Error = true;
+ return nullptr;
+ }
+
memorizeIdentifier(Identifier);
+ }
return Identifier;
}
Modified: llvm/trunk/test/Demangle/invalid-manglings.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Demangle/invalid-manglings.test?rev=358421&r1=358420&r2=358421&view=diff
==============================================================================
--- llvm/trunk/test/Demangle/invalid-manglings.test (original)
+++ llvm/trunk/test/Demangle/invalid-manglings.test Mon Apr 15 09:42:44 2019
@@ -129,3 +129,8 @@
; CHECK-EMPTY:
; CHECK-NEXT: ??_R4foo@@
; CHECK-NEXT: error: Invalid mangled name
+
+?foo@?$?BH@@QAEHXZ
+; CHECK-EMPTY:
+; CHECK-NEXT: ?foo@?$?BH@@QAEHXZ
+; CHECK-NEXT: error: Invalid mangled name
More information about the llvm-commits
mailing list