git
/
gcc
mirror of git://gcc.gnu.org/git/gcc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

re PR c++/71696 (Libiberty Demangler segfaults (6)) 

2016-08-04  Marcel Böhme  <boehme.marcel@gmail.com>

	PR c++/71696
	* cplus-dem.c: Prevent infinite recursion when there is a cycle
	in the referencing of remembered mangled types.
	(work_stuff): New stack to keep track of the remembered mangled
	types that are currently being processed.
	(push_processed_type): New method to push currently processed
	remembered type onto the stack.
	(pop_processed_type): New method to pop currently processed
	remembered type from the stack.
	(work_stuff_copy_to_from): Copy values of new variables.
	(delete_non_B_K_work_stuff): Free stack memory.
	(demangle_args): Push/Pop currently processed remembered type.
	(do_type): Do not demangle a cyclic reference and push/pop
	referenced remembered type.

From-SVN: r239143
This commit is contained in:
Marcel Böhme 2016-08-04 16:53:18 +00:00 committed by Jeff Law
parent da84183c71
commit 1841e25ca5
3 changed files with 97 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
libiberty/ChangeLog
View File

@ -1,3 +1,20 @@
2016-08-04 Marcel Böhme <boehme.marcel@gmail.com>
PR c++/71696
* cplus-dem.c: Prevent infinite recursion when there is a cycle
in the referencing of remembered mangled types.
(work_stuff): New stack to keep track of the remembered mangled
types that are currently being processed.
(push_processed_type): New method to push currently processed
remembered type onto the stack.
(pop_processed_type): New method to pop currently processed
remembered type from the stack.
(work_stuff_copy_to_from): Copy values of new variables.
(delete_non_B_K_work_stuff): Free stack memory.
(demangle_args): Push/Pop currently processed remembered type.
(do_type): Do not demangle a cyclic reference and push/pop
referenced remembered type.
2016-07-29 Aldy Hernandez <aldyh@redhat.com> 2016-07-29 Aldy Hernandez <aldyh@redhat.com>
* make-relative-prefix.c (make_relative_prefix_1): Fall back to * make-relative-prefix.c (make_relative_prefix_1): Fall back to
@ -16,7 +33,7 @@
(d_template_args_1): Split out from d_template_args. (d_template_args_1): Split out from d_template_args.
(d_args_length): New. (d_args_length): New.
2016-07-13 Marcel BÃhme <boehme.marcel@gmail.com> 2016-07-13 Marcel Böhme <boehme.marcel@gmail.com>
PR c++/70926 PR c++/70926
* cplus-dem.c: Handle large values and overflow when demangling * cplus-dem.c: Handle large values and overflow when demangling

78
libiberty/cplus-dem.c
View File

@ -144,6 +144,9 @@ struct work_stuff
string* previous_argument; /* The last function argument demangled. */ string* previous_argument; /* The last function argument demangled. */
int nrepeats; /* The number of times to repeat the previous int nrepeats; /* The number of times to repeat the previous
argument. */ argument. */
int *proctypevec; /* Indices of currently processed remembered typevecs. */
int proctypevec_size;
int nproctypes;
}; };
#define PRINT_ANSI_QUALIFIERS (work -> options & DMGL_ANSI) #define PRINT_ANSI_QUALIFIERS (work -> options & DMGL_ANSI)
@ -436,6 +439,10 @@ iterate_demangle_function (struct work_stuff *,
static void remember_type (struct work_stuff *, const char *, int); static void remember_type (struct work_stuff *, const char *, int);
static void push_processed_type (struct work_stuff *, int);
static void pop_processed_type (struct work_stuff *);
static void remember_Btype (struct work_stuff *, const char *, int, int); static void remember_Btype (struct work_stuff *, const char *, int, int);
static int register_Btype (struct work_stuff *); static int register_Btype (struct work_stuff *);
@ -1302,6 +1309,10 @@ work_stuff_copy_to_from (struct work_stuff *to, struct work_stuff *from)
memcpy (to->btypevec[i], from->btypevec[i], len); memcpy (to->btypevec[i], from->btypevec[i], len);
} }
if (from->proctypevec)
to->proctypevec =
XDUPVEC (int, from->proctypevec, from->proctypevec_size);
if (from->ntmpl_args) if (from->ntmpl_args)
to->tmpl_argvec = XNEWVEC (char *, from->ntmpl_args); to->tmpl_argvec = XNEWVEC (char *, from->ntmpl_args);
@ -1330,11 +1341,17 @@ delete_non_B_K_work_stuff (struct work_stuff *work)
/* Discard the remembered types, if any. */ /* Discard the remembered types, if any. */
forget_types (work); forget_types (work);
if (work -> typevec != NULL) if (work->typevec != NULL)
{ {
free ((char *) work -> typevec); free ((char *) work->typevec);
work -> typevec = NULL; work->typevec = NULL;
work -> typevec_size = 0; work->typevec_size = 0;
}
if (work->proctypevec != NULL)
{
free (work->proctypevec);
work->proctypevec = NULL;
work->proctypevec_size = 0;
} }
if (work->tmpl_argvec) if (work->tmpl_argvec)
{ {
@ -3555,6 +3572,8 @@ static int
do_type (struct work_stuff *work, const char **mangled, string *result) do_type (struct work_stuff *work, const char **mangled, string *result)
{ {
int n; int n;
int i;
int is_proctypevec;
int done; int done;
int success; int success;
string decl; string decl;
@ -3567,6 +3586,7 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
done = 0; done = 0;
success = 1; success = 1;
is_proctypevec = 0;
while (success && !done) while (success && !done)
{ {
int member; int member;
@ -3627,8 +3647,15 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
success = 0; success = 0;
} }
else else
for (i = 0; i < work->nproctypes; i++)
if (work -> proctypevec [i] == n)
success = 0;
if (success)
{ {
remembered_type = work -> typevec[n]; is_proctypevec = 1;
push_processed_type (work, n);
remembered_type = work->typevec[n];
mangled = &remembered_type; mangled = &remembered_type;
} }
break; break;
@ -3850,6 +3877,9 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
string_delete (result); string_delete (result);
string_delete (&decl); string_delete (&decl);
if (is_proctypevec)
pop_processed_type (work);
if (success) if (success)
/* Assume an integral type, if we're not sure. */ /* Assume an integral type, if we're not sure. */
return (int) ((tk == tk_none) ? tk_integral : tk); return (int) ((tk == tk_none) ? tk_integral : tk);
@ -4262,6 +4292,41 @@ do_arg (struct work_stuff *work, const char **mangled, string *result)
return 1; return 1;
} }
static void
push_processed_type (struct work_stuff *work, int typevec_index)
{
if (work->nproctypes >= work->proctypevec_size)
{
if (!work->proctypevec_size)
{
work->proctypevec_size = 4;
work->proctypevec = XNEWVEC (int, work->proctypevec_size);
}
else
{
if (work->proctypevec_size < 16)
/* Double when small. */
work->proctypevec_size *= 2;
else
{
/* Grow slower when large. */
if (work->proctypevec_size > (INT_MAX / 3) * 2)
xmalloc_failed (INT_MAX);
work->proctypevec_size = (work->proctypevec_size * 3 / 2);
}
work->proctypevec
= XRESIZEVEC (int, work->proctypevec, work->proctypevec_size);
}
}
work->proctypevec [work->nproctypes++] = typevec_index;
}
static void
pop_processed_type (struct work_stuff *work)
{
work->nproctypes--;
}
static void static void
remember_type (struct work_stuff *work, const char *start, int len) remember_type (struct work_stuff *work, const char *start, int len)
{ {
@ -4526,10 +4591,13 @@ demangle_args (struct work_stuff *work, const char **mangled,
{ {
string_append (declp, ", "); string_append (declp, ", ");
} }
push_processed_type (work, t);
if (!do_arg (work, &tem, &arg)) if (!do_arg (work, &tem, &arg))
{ {
pop_processed_type (work);
return (0); return (0);
} }
pop_processed_type (work);
if (PRINT_ARG_TYPES) if (PRINT_ARG_TYPES)
{ {
string_appends (declp, &arg); string_appends (declp, &arg);

5
libiberty/testsuite/demangle-expected
View File

@ -4587,3 +4587,8 @@ _Z80800000000000000000000
__t2m05B500000000000000000_ __t2m05B500000000000000000_
__t2m05B500000000000000000_ __t2m05B500000000000000000_
#
# Tests stack overflow PR71696
__10%0__S4_0T0T0
%0<>::%0(%0<>)