From a7d0b7a786c769440143acb94f533149faac12c9 Mon Sep 17 00:00:00 2001
From: Elliott Hughes
Date: Fri, 10 Apr 2020 17:42:00 -0700
Subject: [PATCH] ld128 demangle: allow space for 'L' suffix.
Summary: Caught by HWASAN on arm64 Android (which uses ld128 for long double). This was running the existing fuzzer. The specific minimized fuzz input to reproduce this is: __cxa_demangle("1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE", 0, 0, 0);
Reviewers: eugenis, srhines, #libc_abi!
Subscribers: kristof.beyls, danielkiss, libcxx-commits
Tags: #libc_abi
Differential Revision: https://reviews.llvm.org/D77924
---
 libcxxabi/src/demangle/ItaniumDemangle.h | 7 ++++++-
 libcxxabi/test/test_demangle.pass.cpp | 7 +++++++
 llvm/include/llvm/Demangle/ItaniumDemangle.h | 7 ++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/libcxxabi/src/demangle/ItaniumDemangle.h b/libcxxabi/src/demangle/ItaniumDemangle.h
index 6ab8732..ede9c6d 100644
--- a/libcxxabi/src/demangle/ItaniumDemangle.h
+++ b/libcxxabi/src/demangle/ItaniumDemangle.h
@@ -5203,7 +5203,12 @@ struct FloatData
 #else
 static const size_t mangled_size = 20; // May need to be adjusted to 16 or 24 on other platforms
 #endif
- static const size_t max_demangled_size = 40;
+ // `-0x1.ffffffffffffffffffffffffffffp+16383` + 'L' + '\0' == 42 bytes.
+ // 28 'f's * 4 bits == 112 bits, which is the number of mantissa bits.
+ // Negatives are one character longer than positives.
+ // `0x1.` and `p` are constant, and exponents `+16383` and `-16382` are the
+ // same length. 1 sign bit, 112 mantissa bits, and 15 exponent bits == 128.
+ static const size_t max_demangled_size = 42;
 static constexpr const char *spec = "%LaL";
 };
diff --git a/libcxxabi/test/test_demangle.pass.cpp b/libcxxabi/test/test_demangle.pass.cpp
index ef75b61..236c1d9 100644
--- a/libcxxabi/test/test_demangle.pass.cpp
+++ b/libcxxabi/test/test_demangle.pass.cpp
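Review bot: The new derivation of `max_demangled_size = 42` is specific to IEEE binary128 (112 mantissa bits, 15 exponent bits), but the constant sits after the `#endif` and is shared by every `long double` configuration the `#if`/`#else` chain above selects, so the comment should say which formats it has been checked against; something like `// Sized for IEEE binary128; any other long double format this header is built for must print no wider through "%La" — verify when adding a platform.` The buffer this constant sizes is filled by a consumer outside the hunk, presumably with `snprintf(num, sizeof(num), spec, value)`; if that consumer uses snprintf's return value as the length of the text it appends, an undersized constant becomes an out-of-bounds read rather than a truncation, so clamping that length to `sizeof(num) - 1` there would make the arithmetic here defence in depth rather than the only guard. The identical hunk in llvm/include/llvm/Demangle/ItaniumDemangle.h has the same gap and should get the same comment. The enclosing `struct FloatData` specialization starts before the hunk.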
@@ -15,6 +15,8 @@
 // Is long double fp80? (Only x87 extended double has 64-bit mantissa)
 #define LDBL_FP80 (__LDBL_MANT_DIG__ == 64)
+// Is long double fp128?
+#define LDBL_FP128 (__LDBL_MANT_DIG__ == 113)
 const char* cases[][2] = {
@@ -29837,6 +29839,11 @@ struct FPLiteralCase {
 "void test0::h(char (&) [(unsigned int)((sizeof (float)) + (0xap-1L))])",
 }},
 #endif
+#if LDBL_FP128
+ // This was found by libFuzzer+HWASan on aarch64 Android.
+ {"1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE",
+ {"\x6<-0x1.cecececececececececececececep+11983"}},
+#endif
 };
 const unsigned NF = sizeof(fp_literal_cases) / sizeof(fp_literal_cases[0]);
 const unsigned NEF = sizeof(fp_literal_cases[0].expecting) / sizeof(fp_literal_cases[0].expecting[0]);
diff --git a/llvm/include/llvm/Demangle/ItaniumDemangle.h b/llvm/include/llvm/Demangle/ItaniumDemangle.h
index 6ab8732..ede9c6d 100644
--- a/llvm/include/llvm/Demangle/ItaniumDemangle.h
+++ b/llvm/include/llvm/Demangle/ItaniumDemangle.h
@@ -5203,7 +5203,12 @@ struct FloatData
 #else
 static const size_t mangled_size = 20; // May need to be adjusted to 16 or 24 on other platforms
 #endif
- static const size_t max_demangled_size = 40;
+ // `-0x1.ffffffffffffffffffffffffffffp+16383` + 'L' + '\0' == 42 bytes.
+ // 28 'f's * 4 bits == 112 bits, which is the number of mantissa bits.
+ // Negatives are one character longer than positives.
+ // `0x1.` and `p` are constant, and exponents `+16383` and `-16382` are the
+ // same length. 1 sign bit, 112 mantissa bits, and 15 exponent bits == 128.
+ static const size_t max_demangled_size = 42;
 static constexpr const char *spec = "%LaL";
 };
-- 
2.7.4
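Review bot: The expected string in the new `LDBL_FP128` case, `"\x6<-0x1.cecececececececececececececep+11983"`, ends without the `L` that the header's `"%LaL"` format appends (the existing case just above expects `0xap-1L`) and without the `>` that closes the template argument list, so unless the harness outside the hunk matches on a prefix the expectation looks truncated; please confirm against an actual ld128 run and, if matching is exact, change it to `{"\x6<-0x1.cecececececececececececececep+11983L>"}},`. This single fuzzer input also does not exercise the boundary the new size constant is derived from; an entry whose output is the widest possible form (negative, all-ones mantissa, maximum exponent, i.e. `-0x1.ffffffffffffffffffffffffffffp+16383L`) would pin the 42-byte figure directly and catch a future regression of the constant. A one-line comment noting that the expected text depends on the platform's `%La` output would help whoever extends the guard to another format. `fp_literal_cases` begins before the hunk.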