This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name
- From: "sb at biallas dot net" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 1 Jul 2005 13:24:47 -0000
- Subject: [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
I use the libiberty c++ name demangler for unmangling symbols. Since I don't
know whether the symbols are really mangled, the demangler will sometimes see
names which are either mangled with a completely different mangler or even not
mangled at all.
This is quite a good stress test for the demangler and I've encountered a symbol
name on which it fails (crashes). The symbol is "ALsetchannels" which will be
regarded as an array type ('A') with exp-primary ('L'). But the exp-primary
end-marker ('E') is missing, this will result in an endless loop in
d_expr_primary():
2337 while (d_peek_char (di) != 'E')
2338 d_advance (di, 1);
Example program showing crash (or other undefined behaviour):
#include "demangle.h"
int main()
{
cplus_demangle_v3("ALsetchannels", DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES);
return 0;
}
--
Summary: libiberty demanger crashes on (invalid) mangled name
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: other
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: sb at biallas dot net
CC: gcc-bugs at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268