[PATCH 4/7] Fix int overflow
Ian Lance Taylor
iant@google.com
Wed Jul 8 10:52:00 GMT 2015
On Mon, Jul 6, 2015 at 12:36 PM, Mikhail Maltsev <maltsevm@gmail.com> wrote:
>
> diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c
> index 44a0a9b..befa6b6 100644
> --- a/libiberty/cp-demangle.c
> +++ b/libiberty/cp-demangle.c
> @@ -103,6 +103,7 @@
> #include "config.h"
> #endif
>
> +#include <limits.h>
All existing uses of limits.h in libiberty are inside #ifdef
HAVE_LIMITS_H. See other files in the directory.
> @@ -1599,7 +1600,7 @@ d_source_name (struct d_info *di)
> struct demangle_component *ret;
>
> len = d_number (di);
> - if (len <= 0)
> + if (len <= 0 || len > INT_MAX)
> return NULL;
This is not, in my opinion, the best way to write this kind of thing.
Instead, write something like
int ilen;
ilen = (int) len:
if ((long) ilen != len)
return NULL;
But better still is to consider the larger context. We want the
demangler to work the same on all hosts, if at all possible.
d_identifier is called exactly once. Change it to take a parameter of
type long. Don't worry about changing d_source_name.
Then look at the fact that d_number does not check for overflow. We
should consider changing d_number to limit itself to 32-bit integers,
and to return an error indication on overflow. From a quick glance I
don't see any need for the demangler to support numbers larger than 32
bits. I think it's OK if we fail to demangle symbol names that are
more than 2 billion characters long.
Ian
More information about the Gcc-patches
mailing list