From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7480 invoked by alias); 1 Jul 2005 13:24:53 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 7426 invoked by uid 48); 1 Jul 2005 13:24:47 -0000 Date: Fri, 01 Jul 2005 13:24:00 -0000 From: "sb at biallas dot net" To: gcc-bugs@gcc.gnu.org Message-ID: <20050701132442.22268.sb@biallas.net> Reply-To: gcc-bugzilla@gcc.gnu.org Subject: [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name X-Bugzilla-Reason: CC X-SW-Source: 2005-07/txt/msg00048.txt.bz2 List-Id: I use the libiberty c++ name demangler for unmangling symbols. Since I don't know whether the symbols are really mangled, the demangler will sometimes see names which are either mangled with a completely different mangler or even not mangled at all. This is quite a good stress test for the demangler and I've encountered a symbol name on which it fails (crashes). The symbol is "ALsetchannels" which will be regarded as an array type ('A') with exp-primary ('L'). But the exp-primary end-marker ('E') is missing, this will result in an endless loop in d_expr_primary(): 2337 while (d_peek_char (di) != 'E') 2338 d_advance (di, 1); Example program showing crash (or other undefined behaviour): #include "demangle.h" int main() { cplus_demangle_v3("ALsetchannels", DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES); return 0; } -- Summary: libiberty demanger crashes on (invalid) mangled name Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P2 Component: other AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: sb at biallas dot net CC: gcc-bugs at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268