d-demangle.c (dlang_parse_integer): Fix stack underflow.

author Ben L <bobsayshilol@live.co.uk>

Tue, 30 Apr 2019 14:32:38 +0000 (14:32 +0000)

committer Jeff Law <law@gcc.gnu.org>

Tue, 30 Apr 2019 14:32:38 +0000 (08:32 -0600)
author Ben L <bobsayshilol@live.co.uk>
Tue, 30 Apr 2019 14:32:38 +0000 (14:32 +0000)
committer Jeff Law <law@gcc.gnu.org>
Tue, 30 Apr 2019 14:32:38 +0000 (08:32 -0600)
diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog

index 6e9691c6bae31e43aae36931393a089a095282b0..76a974d65261c55d13ddc2aab8731d0cc6a33479 100644 (file)
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,5 +1,8 @@
  2019-04-30  Ben L  <bobsayshilol@live.co.uk>
  
+       * d-demangle.c (dlang_parse_integer): Fix stack underflow.
+       * testsuite/d-demangle-expected: Add testcase.
+
         * cp-demangle (d_print_comp_inner): Guard against a NULL 'typed_name'.
         * testsuite/demangle-expected: Add testcase.
  
diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c

index 8acbf046f262bc1f769f14d37bcbd0c96f941541..114d9e0ef736cfc33bc61c9faea627c9c5f744dd 100644 (file)
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -939,8 +939,8 @@ dlang_parse_integer (string *decl, const char *mangled, char type)
    if (type == 'a' || type == 'u' || type == 'w')
      {
        /* Parse character value.  */
-      char value[10];
-      int pos = 10;
+      char value[20];
+      int pos = sizeof(value);
        int width = 0;
        long val;
  
@@ -991,7 +991,7 @@ dlang_parse_integer (string *decl, const char *mangled, char type)
           for (; width > 0; width--)
             value[--pos] = '0';
  
-         string_appendn (decl, &(value[pos]), 10 - pos);
+         string_appendn (decl, &(value[pos]), sizeof(value) - pos);
         }
        string_append (decl, "'");
      }
diff --git a/libiberty/testsuite/d-demangle-expected b/libiberty/testsuite/d-demangle-expected

index 547a2ddec397b44b118226275fbe46b2167eb3b1..998823899b5033131a9dc1b073acc5c81161cb55 100644 (file)
--- a/libiberty/testsuite/d-demangle-expected
+++ b/libiberty/testsuite/d-demangle-expected
@@ -1306,3 +1306,7 @@ rt.lifetime._d_newarrayOpT!(_d_newarrayiT)._d_newarrayOpT(const(TypeInfo), ulong
  --format=dlang
  _D4core8demangle16__T6mangleTFZPvZ6mangleFNaNbNfAxaAaZ11DotSplitter5emptyMxFNaNbNdNiNfZb
  core.demangle.mangle!(void*() function).mangle(const(char)[], char[]).DotSplitter.empty() const
+# Could crash
+--format=dlang
+_D8__T2fnVa8888888888888_
+_D8__T2fnVa8888888888888_
author	Ben L <bobsayshilol@live.co.uk>
	Tue, 30 Apr 2019 14:32:38 +0000 (14:32 +0000)
committer	Jeff Law <law@gcc.gnu.org>
	Tue, 30 Apr 2019 14:32:38 +0000 (08:32 -0600)
libiberty/ChangeLog		patch \| blob \| blame \| history
libiberty/d-demangle.c		patch \| blob \| blame \| history
libiberty/testsuite/d-demangle-expected		patch \| blob \| blame \| history