[llvm] r358708 - llvm-undname: Fix two more asserts-on-invalid, found by oss-fuzz

Nico Weber via llvm-commits llvm-commits at lists.llvm.org
Thu Apr 18 12:52:32 PDT 2019 

Author: nico
Date: Thu Apr 18 12:52:32 2019
New Revision: 358708

URL: http://llvm.org/viewvc/llvm-project?rev=358708&view=rev
Log:
llvm-undname: Fix two more asserts-on-invalid, found by oss-fuzz

Modified:
    llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp
    llvm/trunk/test/Demangle/invalid-manglings.test

Modified: llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp?rev=358708&r1=358707&r2=358708&view=diff
==============================================================================
--- llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp (original)
+++ llvm/trunk/lib/Demangle/MicrosoftDemangle.cpp Thu Apr 18 12:52:32 2019
@@ -982,6 +982,7 @@ static uint8_t rebasedHexDigitToNumber(c
 }
 
 uint8_t Demangler::demangleCharLiteral(StringView &MangledName) {
+  assert(!MangledName.empty());
   if (!MangledName.startsWith('?'))
     return MangledName.popFront();
 
@@ -1248,7 +1249,7 @@ Demangler::demangleStringLiteral(StringV
 
   // Encoded Length
   std::tie(StringByteSize, IsNegative) = demangleNumber(MangledName);
-  if (Error || IsNegative)
+  if (Error || IsNegative || StringByteSize < (IsWcharT ? 2 : 1))
     goto StringLiteralError;
 
   // CRC 32 (always 8 characters plus a terminator)
@@ -1269,7 +1270,7 @@ Demangler::demangleStringLiteral(StringV
       Result->IsTruncated = true;
 
     while (!MangledName.consumeFront('@')) {
-      if (StringByteSize < 2)
+      if (MangledName.size() < 2)
         goto StringLiteralError;
       wchar_t W = demangleWcharLiteral(MangledName);
       if (StringByteSize != 2 || Result->IsTruncated)
@@ -1286,7 +1287,7 @@ Demangler::demangleStringLiteral(StringV
 
     unsigned BytesDecoded = 0;
     while (!MangledName.consumeFront('@')) {
-      if (StringByteSize < 1)
+      if (MangledName.size() < 1)
         goto StringLiteralError;
       StringBytes[BytesDecoded++] = demangleCharLiteral(MangledName);
     }

Modified: llvm/trunk/test/Demangle/invalid-manglings.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Demangle/invalid-manglings.test?rev=358708&r1=358707&r2=358708&view=diff
==============================================================================
--- llvm/trunk/test/Demangle/invalid-manglings.test (original)
+++ llvm/trunk/test/Demangle/invalid-manglings.test Thu Apr 18 12:52:32 2019
@@ -149,3 +149,13 @@
 ; CHECK-EMPTY:
 ; CHECK-NEXT: ??_C at _1A@01234567 at a
 ; CHECK-NEXT: error: Invalid mangled name
+
+??_C at _0301234567@a
+; CHECK-EMPTY:
+; CHECK-NEXT: ??_C at _0301234567@a
+; CHECK-NEXT: error: Invalid mangled name
+
+??_C at _1301234567@a
+; CHECK-EMPTY:
+; CHECK-NEXT: ??_C at _1301234567@a
+; CHECK-NEXT: error: Invalid mangled name

More information about the llvm-commits mailing list