void * realloc ();
#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifndef INT_MAX
+# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */
+#endif
+
#include <demangle.h>
#undef CURRENT_DEMANGLING_STYLE
#define CURRENT_DEMANGLING_STYLE work->options
tk_none,
tk_pointer,
tk_reference,
+ tk_rvalue_reference,
tk_integral,
tk_bool,
tk_char,
{
free ((char *) work -> btypevec);
work->btypevec = NULL;
+ work->bsize = 0;
}
if (work -> ktypevec != NULL)
{
free ((char *) work -> ktypevec);
work->ktypevec = NULL;
+ work->ksize = 0;
}
}
}
else if (tk == tk_real)
success = demangle_real_value (work, mangled, s);
- else if (tk == tk_pointer || tk == tk_reference)
+ else if (tk == tk_pointer || tk == tk_reference
+ || tk == tk_rvalue_reference)
{
if (**mangled == 'Q')
success = demangle_qualified (work, mangled, s,
else
{
int symbol_len = consume_count (mangled);
- if (symbol_len == -1)
+ if (symbol_len == -1
+ || symbol_len > (long) strlen (*mangled))
return -1;
if (symbol_len == 0)
string_appendn (s, "0", 1);
success = 1;
break;
}
+ else if (n == -1)
+ {
+ success = 0;
+ break;
+ }
}
else
{
tk = tk_reference;
break;
+ /* An rvalue reference type */
+ case 'O':
+ (*mangled)++;
+ string_prepend (&decl, "&&");
+ if (tk == tk_none)
+ tk = tk_rvalue_reference;
+ break;
+
/* An array */
case 'A':
{
/* A back reference to a previously seen type */
case 'T':
(*mangled)++;
- if (!get_count (mangled, &n) || n >= work -> ntypes)
+ if (!get_count (mangled, &n) || n < 0 || n >= work -> ntypes)
{
success = 0;
}
break;
case 'M':
- case 'O':
{
type_quals = TYPE_UNQUALIFIED;
/* A back reference to a previously seen squangled type */
case 'B':
(*mangled)++;
- if (!get_count (mangled, &n) || n >= work -> numb)
+ if (!get_count (mangled, &n) || n < 0 || n >= work -> numb)
success = 0;
else
string_append (result, work->btypevec[n]);
literal_len = consume_count (mangled);
- if (literal_len <= 0)
+ if (literal_len <= 0
+ || literal_len > (long) strlen (*mangled))
return 0;
/* Literal parameters are names of arrays, functions, etc. and the
}
else
{
+ if (work -> typevec_size > INT_MAX / 2)
+ xmalloc_failed (INT_MAX);
work -> typevec_size *= 2;
work -> typevec
= XRESIZEVEC (char *, work->typevec, work->typevec_size);
}
else
{
+ if (work -> ksize > INT_MAX / 2)
+ xmalloc_failed (INT_MAX);
work -> ksize *= 2;
work -> ktypevec
= XRESIZEVEC (char *, work->ktypevec, work->ksize);
}
else
{
+ if (work -> bsize > INT_MAX / 2)
+ xmalloc_failed (INT_MAX);
work -> bsize *= 2;
work -> btypevec
= XRESIZEVEC (char *, work->btypevec, work->bsize);
else if (s->e - s->p < n)
{
tem = s->p - s->b;
+ if (n > INT_MAX / 2 - tem)
+ xmalloc_failed (INT_MAX);
n += tem;
n *= 2;
s->b = XRESIZEVEC (char, s->b, n);