Hi all,

First time emailing gcc-patches, so I'm sorry if I get any of this wrong or if there are obvious errors repeated in my patches. AFAICT I should be sending each change individually rather than as one bulk patch, so I'm sorry about the spam too.
All of these changes were found by fuzzing libiberty's demanglers over the past week, and I have at least one more that it's currently crashing out on but I haven't had time to look into why yet. Obviously since this is my first time emailing I don't have write access to commit any of these, so if any are approved then I'd be grateful if you can commit them too.

Thanks,
Ben

--

The number of elements was being taken as valid and for each one a separator was appended to the output, resulting in a huge memory bloat before crashing later on due to a signed integer overflow.

	* d-demangle.c (dlang_parse_structlit): Correctly handle error result.
	* testsuite/d-demangle-expected: Add testcase.
From 4911e6f481472b732277cc9b2136b0846474bb4a Mon Sep 17 00:00:00 2001 From: bobsayshilol <bobsayshi...@live.co.uk> Date: Wed, 9 Jan 2019 22:37:41 +0000 Subject: [PATCH 07/10] libiberty: Correctly handle error result in dlang_parse_structlit(). The number of elements were being taken as valid and for each one a separator was appended to the output, resulting in a huge memory bloat before crashing later on due to a signed integer overflow. * d-demangle.c (dlang_parse_structlit): Correctly handle error result. * testsuite/d-demangle-expected: Add testcase. diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c index 303d2ee..5590417 100644 --- a/libiberty/d-demangle.c +++ b/libiberty/d-demangle.c @@ -1246,6 +1246,9 @@ dlang_parse_structlit (string *decl, const char *mangled, const char *name) while (args--) { mangled = dlang_value (decl, mangled, NULL, '\0'); + if (mangled == NULL) + return NULL; + if (args != 0) string_append (decl, ", "); } diff --git a/libiberty/testsuite/d-demangle-expected b/libiberty/testsuite/d-demangle-expected index 19665f5..0a5f9da 100644 --- a/libiberty/testsuite/d-demangle-expected +++ b/libiberty/testsuite/d-demangle-expected @@ -1314,3 +1314,7 @@ _D8__T2fnVa8888888888888_ --format=dlang _D5__T2fnVmA1A1A911111111D _D5__T2fnVmA1A1A911111111D +# Could crash +--format=dlang +_D7__T2fnVlS8S588888888888S6S5 +_D7__T2fnVlS8S588888888888S6S5 -- 2.20.1
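Review bot: the d-demangle.c hunk relies on dlang_value() returning NULL once the input runs out, and nothing in the hunk says so; a one-line comment above `if (mangled == NULL)` noting that a bogus element count is caught here, on the first element that fails to parse, would help the next reader. The placement itself is right: returning before `if (args != 0) string_append (decl, ", ");` is what stops the separator being appended for elements that never parsed. Separately, the two `*` ChangeLog entries in the commit message have no date and author line above them, which the GCC ChangeLog format expects.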
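Review bot: the `# Could crash` comment above the new d-demangle-expected case says only what used to happen, not what the input exercises; since the expected output is the input string itself, the demangler is required to reject it, so a comment such as `# Bogus element count in struct literal must be rejected, not crash` would tie the case to dlang_parse_structlit() for whoever next touches the file.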
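The failure mode the commit message describes, trusting an element count taken from untrusted input and doing per-element work before each element has been validated, as an added example in C that is not libiberty's code: the `dstr` string type, the toy `'S'<count><value>*` grammar, the `'i'<digits>` value syntax and the input strings are all assumptions made for this illustration. `structlit_unchecked()` mirrors the pre-patch loop and `structlit_checked()` the patched one; the `bloat_*()` helpers report how many bytes each appends for a given input, and `separator_bytes_overflow_int()` models the signed-int overflow the message mentions without claiming to reproduce libiberty's actual counter type.

```c
/* Added example modelling the dlang_parse_structlit() bug; not libiberty code.
   The dstr type, the 'S'<count><value>* grammar and the 'i'<digits> value
   syntax are assumptions made for illustration only. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable string standing in for libiberty's string type. */
typedef struct { char *b; size_t len, cap; } dstr;

static void dstr_init(dstr *s) { s->b = NULL; s->len = 0; s->cap = 0; }
static void dstr_free(dstr *s) { free(s->b); dstr_init(s); }

static void dstr_append(dstr *s, const char *t)
{
  size_t n = strlen(t);
  if (s->len + n + 1 > s->cap)
    {
      size_t nc = s->cap ? s->cap : 64;
      while (nc < s->len + n + 1) nc *= 2;
      char *nb = realloc(s->b, nc);
      if (!nb) abort();
      s->b = nb; s->cap = nc;
    }
  memcpy(s->b + s->len, t, n + 1);
  s->len += n;
}

/* Decimal number from untrusted input; NULL on no digits or overflow. */
static const char *parse_number(const char *m, unsigned long *out)
{
  unsigned long v = 0;
  if (!m || *m < '0' || *m > '9') return NULL;
  for (; *m >= '0' && *m <= '9'; m++)
    {
      if (v > (ULONG_MAX - 9) / 10) return NULL;
      v = v * 10 + (unsigned long)(*m - '0');
    }
  *out = v;
  return m;
}

/* Toy value 'i'<digits>, appended to decl; NULL on malformed or exhausted
   input, which is what the struct-literal loop relies on to notice a bogus
   count.  Tolerates a NULL m so the unchecked loop below can keep spinning. */
static const char *parse_value(dstr *decl, const char *m)
{
  unsigned long v; char buf[32];
  const char *end = (m && *m == 'i') ? parse_number(m + 1, &v) : NULL;
  if (!end) return NULL;
  snprintf(buf, sizeof buf, "%lu", v);
  dstr_append(decl, buf);
  return end;
}

/* BEFORE the patch: the count is trusted and a separator is appended for
   every element even after parse_value() has started returning NULL. */
static const char *structlit_unchecked(dstr *decl, const char *m)
{
  unsigned long args;
  if (!m || *m != 'S' || !(m = parse_number(m + 1, &args))) return NULL;
  dstr_append(decl, "{");
  while (args--)
    {
      m = parse_value(decl, m);                 /* may be NULL from here on */
      if (args != 0) dstr_append(decl, ", ");   /* appended regardless */
    }
  if (!m) return NULL;
  dstr_append(decl, "}");
  return m;
}

/* AFTER the patch: stop at the first element that fails to parse. */
static const char *structlit_checked(dstr *decl, const char *m)
{
  unsigned long args;
  if (!m || *m != 'S' || !(m = parse_number(m + 1, &args))) return NULL;
  dstr_append(decl, "{");
  while (args--)
    {
      m = parse_value(decl, m);
      if (m == NULL) return NULL;               /* the added check */
      if (args != 0) dstr_append(decl, ", ");
    }
  dstr_append(decl, "}");
  return m;
}

/* Bytes each version appends before giving up (or finishing) on input m. */
size_t bloat_unchecked(const char *m)
{ dstr d; dstr_init(&d); structlit_unchecked(&d, m); size_t n = d.len; dstr_free(&d); return n; }
size_t bloat_checked(const char *m)
{ dstr d; dstr_init(&d); structlit_checked(&d, m); size_t n = d.len; dstr_free(&d); return n; }

/* 1 if the patched parser demangles m to exactly `expected`, else 0. */
int checked_demangles_to(const char *m, const char *expected)
{
  dstr d; dstr_init(&d);
  int ok = structlit_checked(&d, m) != NULL && strcmp(d.b, expected) == 0;
  dstr_free(&d);
  return ok;
}

/* Would two bytes of ", " per element overflow a length kept in a signed int?
   Models the "signed integer overflow" named in the commit message only. */
int separator_bytes_overflow_int(unsigned long long count)
{
  return count > 0 && (count - 1) > (unsigned long long)INT_MAX / 2;
}

int main(void)
{
  /* Constructed inputs: a valid literal, one that fails on its second
     element, and a large count followed by no elements at all. */
  printf("S3i1i2i3 demangles: %d\n", checked_demangles_to("S3i1i2i3", "{1, 2, 3}"));
  printf("S3i1x    unchecked %zu bytes, checked %zu bytes\n",
         bloat_unchecked("S3i1x"), bloat_checked("S3i1x"));
  printf("S1000000 unchecked %zu bytes, checked %zu bytes\n",
         bloat_unchecked("S1000000"), bloat_checked("S1000000"));
  printf("count 588888888888 overflows int: %d\n",
         separator_bytes_overflow_int(588888888888ULL));
  return 0;
}
```

The interesting input is the third one: with no elements at all, the unchecked loop appends one million separators before it notices anything is wrong, while the checked loop returns after one byte; scale the count up to the one in the new testcase and the unchecked version would try to append far more than a signed int can count.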