PATCH fixes crashes in demangler

Stu Grossman grossman@cygnus.com
Thu May 13 16:13:00 GMT 1999


cvs server: Diffing .
Index: ChangeLog
===================================================================
RCS file: /cvs/egcs/egcs/libiberty/ChangeLog,v
retrieving revision 1.107
diff -c -p -r1.107 ChangeLog
*** ChangeLog	1999/05/13 01:23:41	1.107
--- ChangeLog	1999/05/13 23:09:43
***************
*** 1,3 ****
--- 1,9 ----
+ Thu May 13 14:26:41 1999  Stu Grossman  <grossman@babylon-5.cygnus.com>
+ 
+ 	* cplus-dem.c (demangle_fund_type (near 'I' case)): Don't advance
+ 	the *mangled pointer beyond the end of the string.  Clean up code to
+ 	match prevailing coding style.
+ 
  1999-05-13  Michael Hayes  <m.hayes@elec.canterbury.ac.nz>
  
  	* tmpnam.c (L_tmpnam): Fix typo.
Index: cplus-dem.c
===================================================================
RCS file: /cvs/egcs/egcs/libiberty/cplus-dem.c,v
retrieving revision 1.46
diff -c -p -r1.46 cplus-dem.c
*** cplus-dem.c	1999/05/13 00:24:18	1.46
--- cplus-dem.c	1999/05/13 23:09:43
*************** char * realloc ();
*** 51,56 ****
--- 51,58 ----
  
  #include "libiberty.h"
  
+ #define min(X,Y) (((X) < (Y)) ? (X) : (Y))
+ 
  static const char *mystrstr PARAMS ((const char *, const char *));
  
  static const char *
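Review bot: The new `min` macro evaluates each argument twice, and its only visible use, `min (strlen (*mangled), 2)` in the 'I' case, therefore scans the string twice. An unguarded `#define min` can also collide with a definition pulled in from a system header. Since `buf` there already holds at most two copied characters and is NUL-terminated, `*mangled += strlen (buf);` gives the same advance without a file-scope macro; if the macro stays, wrap it in `#ifndef min`.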
*************** demangle_fund_type (work, mangled, resul
*** 3373,3386 ****
  	  break;
  	}
      case 'I':
!       ++(*mangled);
        if (**mangled == '_')
  	{
  	  int i;
! 	  ++(*mangled);
  	  for (i = 0;
! 	       (i < sizeof (buf) - 1 && **mangled && **mangled != '_');
! 	       ++(*mangled), ++i)
  	    buf[i] = **mangled;
  	  if (**mangled != '_')
  	    {
--- 3375,3388 ----
  	  break;
  	}
      case 'I':
!       (*mangled)++;
        if (**mangled == '_')
  	{
  	  int i;
! 	  (*mangled)++;
  	  for (i = 0;
! 	       i < sizeof (buf) - 1 && **mangled && **mangled != '_';
! 	       (*mangled)++, i++)
  	    buf[i] = **mangled;
  	  if (**mangled != '_')
  	    {
*************** demangle_fund_type (work, mangled, resul
*** 3388,3400 ****
  	      break;
  	    }
  	  buf[i] = '\0';
! 	  ++(*mangled);
  	}
        else
  	{
  	  strncpy (buf, *mangled, 2);
  	  buf[2] = '\0';
! 	  *mangled += 2;
  	}
        sscanf (buf, "%x", &dec);
        sprintf (buf, "int%i_t", dec);
--- 3390,3402 ----
  	      break;
  	    }
  	  buf[i] = '\0';
! 	  (*mangled)++;
  	}
        else
  	{
  	  strncpy (buf, *mangled, 2);
  	  buf[2] = '\0';
! 	  *mangled += min (strlen (*mangled), 2);
  	}
        sscanf (buf, "%x", &dec);
        sprintf (buf, "int%i_t", dec);
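Review bot: The return value of `sscanf (buf, "%x", &dec)` at the end of the 'I' case is still unchecked, so a mangled name with no hex digits at this point (including the truncated string this patch now tolerates) reaches `sprintf` without a converted value. The declaration of `dec` is outside the hunk; unless it is initialised there, the number formatted into the type name is indeterminate. Symbol names given to a demangler can come from untrusted object files, so I would test `if (sscanf (buf, "%x", &dec) != 1)` and take the same failure path as the missing-`_` branch above. The size of `buf` is also not visible here, and `"int%i_t"` can need up to 17 bytes for a 32-bit `int`, so that is worth confirming or bounding. The enclosing function starts and ends outside the hunk.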

