Message ID | 559AD84C.6080106@gmail.com |
---|---|
State | New |
On 07/06/2015 01:34 PM, Mikhail Maltsev wrote: > --- > libiberty/cp-demangle.c | 4 +++- > libiberty/testsuite/demangle-expected | 6 ++++++ > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c > index 12093cc..44a0a9b 100644 > --- a/libiberty/cp-demangle.c > +++ b/libiberty/cp-demangle.c > @@ -3267,7 +3267,9 @@ d_expression_1 (struct d_info *di) > struct demangle_component *second; > struct demangle_component *third; > > - if (!strcmp (code, "qu")) > + if (code == NULL) > + return NULL; > + else if (!strcmp (code, "qu")) > { > /* ?: expression. */ > first = d_expression_1 (di); > diff --git a/libiberty/testsuite/demangle-expected > b/libiberty/testsuite/demangle-expected > index 6ea64ae..47ca8f5 100644 > --- a/libiberty/testsuite/demangle-expected > +++ b/libiberty/testsuite/demangle-expected > @@ -4091,6 +4091,12 @@ void g<1>(A<1>&, B<static_cast<bool>(1)>&) > _ZNKSt7complexIiE4realB5cxx11Ev > std::complex<int>::real[abi:cxx11]() const > # > +# Some more crashes revealed by fuzz-testing: > +# Check for NULL pointer when demangling trinary operators > +--format=gnu-v3 > +Av32_f > +Av32_f > +# > # Ada (GNAT) tests. > # > # Simple test. > OK with a suitable ChangeLog entry. And a generic question on the testsuite -- presumably it turns on type demangling? I wanted to verify the flow through d_expression_1 was what I expected it to be and it took a while to realize that c++filt doesn't demangle types by default, thus Av32_f would demangle to Av32_f without ever getting into d_expression_1. jeff
On Tue, Jul 7, 2015 at 3:40 PM, Jeff Law <law@redhat.com> wrote:
>
> And a generic question on the testsuite -- presumably it turns on type
> demangling? I wanted to verify the flow through d_expression_1 was what I
> expected it to be and it took a while to realize that c++filt doesn't
> demangle types by default, thus Av32_f would demangle to Av32_f without ever
> getting into d_expression_1.

The testsuite passes DMGL_TYPES to the demangler (see libiberty/testsuite/test-demangle.c). The c++filt program does not use DMGL_TYPES by default (you can turn it on with the -t option).

I don't know of anybody who actually uses the DMGL_TYPES support. I don't know why anybody would.

Ian
>>>>> "Ian" == Ian Lance Taylor <iant@google.com> writes:
Ian> I don't know of anybody who actually uses the DMGL_TYPES support. I
Ian> don't know why anybody would.
It's used in gdb's DWARF reader, though I no longer remember why.
Tom
On Wed, Jul 8, 2015 at 6:42 AM, Tom Tromey <tom@tromey.com> wrote:
>>>>>> "Ian" == Ian Lance Taylor <iant@google.com> writes:
>
> Ian> I don't know of anybody who actually uses the DMGL_TYPES support. I
> Ian> don't know why anybody would.
>
> It's used in gdb's DWARF reader, though I no longer remember why.

Looking at the code briefly, I bet everything would keep working if the DMGL_TYPES were simply removed.

Ian
diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c index 12093cc..44a0a9b 100644 --- a/libiberty/cp-demangle.c +++ b/libiberty/cp-demangle.c @@ -3267,7 +3267,9 @@ d_expression_1 (struct d_info *di) struct demangle_component *second; struct demangle_component *third; - if (!strcmp (code, "qu")) + if (code == NULL) + return NULL; + else if (!strcmp (code, "qu")) { /* ?: expression. */ first = d_expression_1 (di); diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected index 6ea64ae..47ca8f5 100644 --- a/libiberty/testsuite/demangle-expected +++ b/libiberty/testsuite/demangle-expected @@ -4091,6 +4091,12 @@ void g<1>(A<1>&, B<static_cast<bool>(1)>&) _ZNKSt7complexIiE4realB5cxx11Ev std::complex<int>::real[abi:cxx11]() const # +# Some more crashes revealed by fuzz-testing: +# Check for NULL pointer when demangling trinary operators +--format=gnu-v3 +Av32_f +Av32_f +# # Ada (GNAT) tests. # # Simple test.
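Review bot: In the d_expression_1 hunk of cp-demangle.c, the new `code == NULL` guard has no comment saying which input leaves `code` NULL, so a reader of the function has to find the testsuite entry to learn why the check exists. A one-line comment above the guard would cover that. The `else` after `return NULL;` is also redundant: the original `if (!strcmp (code, "qu"))` line could stay unchanged below the guard, which would reduce the hunk to two added lines.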
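Review bot: In the demangle-expected hunk, the comment says what used to crash but not what result is expected. The entry lists `Av32_f` as both input and output, so the test passes when the demangler rejects the symbol and returns it unchanged, and stating that in the comment would make the intent clear. As the thread notes, this input only reaches d_expression_1 when type demangling is enabled, which is worth recording next to `--format=gnu-v3`. "trinary" would read better as "ternary", or as "?:" to match the comment in cp-demangle.c.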