[demangler] Fix an exponential string copying bug
author Erik Pilkington <erik.pilkington@gmail.com>
Sun, 28 May 2017 23:15:50 +0000 (23:15 +0000)
committer Erik Pilkington <erik.pilkington@gmail.com>
Sun, 28 May 2017 23:15:50 +0000 (23:15 +0000)
The problem was that if base_name() was called from a context without
an actual base name, it could gulp up the entire string, which can
result in recursive duplications. The fix is to be more strict as to
what qualifies as a base name.

Differential revision: https://reviews.llvm.org/D33637

llvm-svn: 304113

libcxxabi/src/cxa_demangle.cpp
libcxxabi/test/test_demangle.pass.cpp

index d8734fb..3707dca 100644 (file)
@@ -2915,6 +2915,10 @@ base_name(String& s)
             ++p0;
             break;
         }
+        if (!isalpha(*p0) && !isdigit(*p0) && *p0 != '_')
+        {
+            return String();
+        }
     }
     return String(p0, pe);
 }
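
Review bot: the added check passes the dereferenced character straight to the <cctype> functions in `if (!isalpha(*p0) && !isdigit(*p0) && *p0 != '_')`; if p0 points to plain char, a byte of 0x80 or above is negative on platforms where char is signed, and calling isalpha or isdigit with a negative value other than EOF is undefined behaviour. The invalid_cases table in the test file contains bytes such as \x9F and \xC1, so inputs of that kind do reach the demangler. Suggest converting first, for example `static_cast<unsigned char>(*p0)`, or using explicit range comparisons for 'a'-'z', 'A'-'Z' and '0'-'9', which also removes the locale dependence of isalpha. A one-line comment stating why a non-identifier character makes base_name() return an empty String would help the next reader.
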
index 9e4a008..451f5f9 100644 (file)
@@ -29668,6 +29668,7 @@ const char* invalid_cases[] =
     "\x46\x44\x74\x70\x74\x71\x75\x32\x43\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x34\xD3\x73\x9E\x2A\x37\x72\x33\x8E\x3A\x29\x8E\x44\x35",
     "_ZcvCiIJEEDvT__FFFFT_vT_v",
     "Z1JIJ1_T_EE3o00EUlT_E0",
+    "___Z2i_D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
 };
 
 const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);
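
Review bot: the new entry in invalid_cases is added with no comment, so nothing in the test ties this string to the exponential copying in base_name() that it guards against. Suggest a short comment above it naming the bug or the review (D33637). Because the failure mode was runaway copying rather than a wrong result, listing the string in invalid_cases checks that it is rejected but, as far as these lines show, puts no bound on the time or memory spent rejecting it; it is worth confirming that a regression which is only slow would still be noticed.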