* cplus-dem.c (mop_up): Set typevec_size to zero, so it'll be
reallocated properly if we use it again.
* cplus-dem.c (demangle_fund_type): Check for buffer overrun. Be
stricter about syntax. Always null-terminate string.
From-SVN: r26562
{
free ((char *) work -> typevec);
work -> typevec = NULL;
+ work -> typevec_size = 0;
}
if (work->tmpl_argvec)
{
{
int i;
++(*mangled);
- for (i = 0; **mangled && **mangled != '_'; ++(*mangled), ++i)
+ for (i = 0;
+ (i < sizeof (buf) - 1 && **mangled && **mangled != '_');
+ ++(*mangled), ++i)
buf[i] = **mangled;
+ if (**mangled != '_')
+ {
+ success = 0;
+ break;
+ }
buf[i] = '\0';
++(*mangled);
}
else
{
strncpy (buf, *mangled, 2);
+ buf[2] = '\0';
*mangled += 2;
}
sscanf (buf, "%x", &dec);