[Bug c++/67394] crash due to null pointer deref in demangle_signature()
miyuki at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Sat Aug 29 22:06:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67394
Mikhail Maltsev <miyuki at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2015-08-29
                 CC|                            |miyuki at gcc dot gnu.org
     Ever confirmed|0                           |1
      Known to fail|                            |6.0
--- Comment #1 from Mikhail Maltsev <miyuki at gcc dot gnu.org> ---
Reproduces on trunk (the bug is in pre-v3 demangler, cplus-dem.c, I did not
fuzz it). Something like this should fix it:
diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
index c68b981..7ab46dd 100644
--- a/libiberty/cplus-dem.c
+++ b/libiberty/cplus-dem.c
@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work)
{
free ((char *) work -> btypevec);
work->btypevec = NULL;
+ work->bsize = 0;
}
if (work -> ktypevec != NULL)
{
free ((char *) work -> ktypevec);
work->ktypevec = NULL;
+ work->ksize = 0;
}
}
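Review bot: The two added resets in squangle_mop_up (`work->bsize = 0;` and `work->ksize = 0;`) clear only the size fields, and nothing in the hunk says why that is needed. If the intent is that a stale size left beside a NULL vector lets a later use skip reallocation and dereference the NULL pointer, say so in a short comment above each reset. It is also worth checking whether work_stuff carries any element counts or indices for btypevec and ktypevec that need the same reset at this point. The patch comes without a test; the mangled name from the report that triggers the crash should be added to the demangler tests so the fix stays covered.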