public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name @ 2005-07-01 13:24 sb at biallas dot net 2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: sb at biallas dot net @ 2005-07-01 13:24 UTC (permalink / raw) To: gcc-bugs I use the libiberty c++ name demangler for unmangling symbols. Since I don't know whether the symbols are really mangled, the demangler will sometimes see names which are either mangled with a completely different mangler or even not mangled at all. This is quite a good stress test for the demangler and I've encountered a symbol name on which it fails (crashes). The symbol is "ALsetchannels" which will be regarded as an array type ('A') with exp-primary ('L'). But the exp-primary end-marker ('E') is missing, this will result in an endless loop in d_expr_primary(): 2337 while (d_peek_char (di) != 'E') 2338 d_advance (di, 1); Example program showing crash (or other undefined behaviour): #include "demangle.h" int main() { cplus_demangle_v3("ALsetchannels", DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES); return 0; } -- Summary: libiberty demanger crashes on (invalid) mangled name Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P2 Component: other AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: sb at biallas dot net CC: gcc-bugs at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name 2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net @ 2005-07-01 15:11 ` sb at biallas dot net 2005-07-01 15:24 ` pinskia at gcc dot gnu dot org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: sb at biallas dot net @ 2005-07-01 15:11 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From sb at biallas dot net 2005-07-01 15:11 ------- Created an attachment (id=9189) --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=9189&action=view) proposed patch Patch against my local copy of cp-demangle.c Should apply cleanly to the CVS version of libiberty. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name 2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net 2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net @ 2005-07-01 15:24 ` pinskia at gcc dot gnu dot org 2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org 2005-07-01 16:42 ` ian at airs dot com 3 siblings, 0 replies; 5+ messages in thread From: pinskia at gcc dot gnu dot org @ 2005-07-01 15:24 UTC (permalink / raw) To: gcc-bugs -- What |Removed |Added ---------------------------------------------------------------------------- CC| |ian at airs dot com http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name 2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net 2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net 2005-07-01 15:24 ` pinskia at gcc dot gnu dot org @ 2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org 2005-07-01 16:42 ` ian at airs dot com 3 siblings, 0 replies; 5+ messages in thread From: cvs-commit at gcc dot gnu dot org @ 2005-07-01 16:39 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-07-01 16:39 ------- Subject: Bug 22268 CVSROOT: /cvs/gcc Module name: gcc Changes by: ian@gcc.gnu.org 2005-07-01 16:39:36 Modified files: libiberty : ChangeLog cp-demangle.c libiberty/testsuite: demangle-expected Log message: PR other/22268 * cp-demangle.c (d_expr_primary): Don't run off the end of the string while looking for the end of a literal value. * testsuite/demangle-expected: Add test case. Patches: http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/ChangeLog.diff?cvsroot=gcc&r1=1.586&r2=1.587 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/cp-demangle.c.diff?cvsroot=gcc&r1=1.82&r2=1.83 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/testsuite/demangle-expected.diff?cvsroot=gcc&r1=1.32&r2=1.33 -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name 2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net ` (2 preceding siblings ...) 2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org @ 2005-07-01 16:42 ` ian at airs dot com 3 siblings, 0 replies; 5+ messages in thread From: ian at airs dot com @ 2005-07-01 16:42 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From ian at airs dot com 2005-07-01 16:42 ------- Thanks for the test case and the patch. I have committed a slightly different patch, which should also fix the problem. -- What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED Target Milestone|--- |4.1.0 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-07-01 16:42 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net 2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net 2005-07-01 15:24 ` pinskia at gcc dot gnu dot org 2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org 2005-07-01 16:42 ` ian at airs dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).