[Bug c++/70909] Libiberty Demangler segfaults (4)

trippels at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Fri Dec 2 17:17:00 GMT 2016


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909

--- Comment #24 from Markus Trippelsdorf <trippels at gcc dot gnu.org> ---
(In reply to Mark Wielaard from comment #22)
> Created attachment 40230 [details]
> d_printing mark/walk/unmark protection
> 
> (In reply to Nathan Sidwell from comment #21)
> > Why doesn't a mark/walk/unmark idiom when walking a potentially circular
> > data structure work here?  I.e. add a mutable counter to demangle_component.
> > Inc/dec at start/end of d_print_comp? IIUC if it gets to >1 there's a
> > problem.
> 
> That is a good idea. However it seems things aren't as simple as that.
> The attached patch implements it, but that produces various testsuite
> failures:
> ./test-demangle: 960 tests, 7 failures
> 
> It might of course be that I messed up the check or that any of these
> failures really are bad.

You need to allow one more level of recursion. The following variant works
fine: 

+  /* We need to cheat for the endless recursive printing protection.  */
+  struct demangle_component *dc1 = (struct demangle_component *) dc;
+  if (dc1 == NULL || dc1->d_printing > 1)
+    {
+      d_print_error (dpi);
+      return;
+    }
+  else
+    dc1->d_printing += 1;
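Review bot: The `dc1->d_printing > 1` test on the third added line lets a component be entered twice before the error fires, but the comment above it only mentions the "cheat" (the cast of `dc` on the second line) and does not say why one nested re-entry is legitimate. Suggest extending the comment to state that valid symbols can re-enter a component once, which is what the stricter check tripped over in the testsuite. Also, no decrement is visible in this fragment: every return path that follows `dc1->d_printing += 1` needs a matching `-= 1`, otherwise a component printed once successfully would be rejected on a later, unrelated print.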


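The guard discussed in this comment, modeled on a constructed two-node structure (an added example, not code from libiberty or from the attachment; `node`, `walk`, `run` and the `BACKREF` kind are hypothetical). It shows why a limit of one active visit rejects a walk that terminates on its own, while a limit of two still stops a true cycle.

```c
#include <stdio.h>

enum kind { PLAIN, BACKREF };            /* constructed, not libiberty's types */

struct node {
  enum kind kind;
  struct node *child;                    /* PLAIN: sub-node; BACKREF: target */
  int printing;                          /* active visits, like d_printing */
};

/* Returns 0 on success, -1 when a node already has MAX_ACTIVE visits in
   progress.  EXPANDING is set while a BACKREF target is being walked; a
   BACKREF met in that state is not followed, so one re-entry terminates.  */
static int
walk (struct node *n, int max_active, int expanding)
{
  int rc = 0;

  if (n == NULL)
    return 0;
  if (n->printing >= max_active)         /* check before marking */
    return -1;
  n->printing += 1;                      /* mark */
  if (n->kind == PLAIN)
    rc = walk (n->child, max_active, expanding);
  else if (!expanding)
    rc = walk (n->child, max_active, 1);
  n->printing -= 1;                      /* unmark, also on the error path */
  return rc;
}

/* a -> b, where b leads back to a through a link of kind BACK.
   Adds 100 to the result for every mark left set after the walk.  */
static int
run (enum kind back, int max_active)
{
  struct node a = { PLAIN, NULL, 0 }, b = { back, &a, 0 };
  int rc;

  a.child = &b;
  rc = walk (&a, max_active, 0);
  return rc + 100 * (a.printing + b.printing);
}

int
main (void)
{
  printf ("backref, 1 visit allowed:  %d\n", run (BACKREF, 1));
  printf ("backref, 2 visits allowed: %d\n", run (BACKREF, 2));
  printf ("true cycle, 2 allowed:     %d\n", run (PLAIN, 2));
  return 0;
}
```

A `max_active` of 2 corresponds to the `d_printing > 1` test in the variant above, since that test runs before the increment.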