[Bug demangler/88629] Heap-buffer-overflow problem in function d_expression_1 in cp-demangle.c, as demonstrated by c++filt

wcventure at 126 dot com Fri, 28 Dec 2018 02:24:05 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629


--- Comment #3 from Cheng Wen <wcventure at 126 dot com> ---
That 's because "d_advance (di, 2);" in function d_expression_1, it change
di->n = di + 2; leading to buffer-over-flow problem. 

> 3353      d_advance (di, 2);
> 3354      if (peek == 't')
> 3355  type = cplus_demangle_type (di);
> 3356      if (!d_peek_next_char (di))
> 3357  return NULL;

[Bug demangler/88629] Heap-buffer-overflow problem in function d_expression_1 in cp-demangle.c, as demonstrated by c++filt

Reply via email to