Fix for PR70926 in Libiberty Demangler (5)
Jeff Law
law@redhat.com
Wed Jun 22 20:21:00 GMT 2016
On 05/26/2016 01:02 AM, Marcel Böhme wrote:
> Hi: Pending review.
>
> Best - Marcel
>
>> On 3 May 2016, at 10:40 PM, Marcel Böhme <boehme.marcel@gmail.com> wrote:
>>
>> Hi,
>>
>> This fixes four access violations (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926).
>>
>> Two of these first read the value of a length variable len from the mangled string, then strncpy len characters from the mangled string; more than necessary.
>> The other two read the value of an array index n from the mangled string, which can be negative due to an overflow.
>>
>> Bootstrapped and regression tested on x86_64-pc-linux-gnu. Test cases added to libiberty/testsuite/demangler-expected and checked PR70926 is resolved.
>>
>> Best regards,
>> - Marcel
>>
>> Index: libiberty/ChangeLog
>> ===================================================================
>> --- libiberty/ChangeLog (revision 235801)
>> +++ libiberty/ChangeLog (working copy)
>> @@ -1,3 +1,12 @@
>> +2016-05-03 Marcel Böhme <boehme.marcel@gmail.com>
>> +
>> + PR c++/70926
>> + * cplus-dem.c: Handle large values and overflow when demangling
>> + length variables.
>> + (demangle_template_value_parm): Read only until end of mangled string.
>> + (do_hpacc_template_literal): Likewise.
>> + (do_type): Handle overflow when demangling array indices.
OK for the trunk. Please install.
Sorry for the delays.
Jeff
More information about the Gcc-patches
mailing list