public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name
@ 2005-07-01 13:24 sb at biallas dot net
2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: sb at biallas dot net @ 2005-07-01 13:24 UTC (permalink / raw)
To: gcc-bugs
I use the libiberty c++ name demangler for unmangling symbols. Since I don't
know whether the symbols are really mangled, the demangler will sometimes see
names which are either mangled with a completely different mangler or even not
mangled at all.
This is quite a good stress test for the demangler and I've encountered a symbol
name on which it fails (crashes). The symbol is "ALsetchannels" which will be
regarded as an array type ('A') with exp-primary ('L'). But the exp-primary
end-marker ('E') is missing, this will result in an endless loop in
d_expr_primary():
2337 while (d_peek_char (di) != 'E')
2338 d_advance (di, 1);
Example program showing crash (or other undefined behaviour):
#include "demangle.h"
int main()
{
cplus_demangle_v3("ALsetchannels", DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES);
return 0;
}
--
Summary: libiberty demanger crashes on (invalid) mangled name
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: other
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: sb at biallas dot net
CC: gcc-bugs at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name
2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net
@ 2005-07-01 15:11 ` sb at biallas dot net
2005-07-01 15:24 ` pinskia at gcc dot gnu dot org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: sb at biallas dot net @ 2005-07-01 15:11 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From sb at biallas dot net 2005-07-01 15:11 -------
Created an attachment (id=9189)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=9189&action=view)
proposed patch
Patch against my local copy of cp-demangle.c
Should apply cleanly to the CVS version of libiberty.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name
2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net
2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net
@ 2005-07-01 15:24 ` pinskia at gcc dot gnu dot org
2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org
2005-07-01 16:42 ` ian at airs dot com
3 siblings, 0 replies; 5+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2005-07-01 15:24 UTC (permalink / raw)
To: gcc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
CC| |ian at airs dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name
2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net
2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net
2005-07-01 15:24 ` pinskia at gcc dot gnu dot org
@ 2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org
2005-07-01 16:42 ` ian at airs dot com
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2005-07-01 16:39 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-07-01 16:39 -------
Subject: Bug 22268
CVSROOT: /cvs/gcc
Module name: gcc
Changes by: ian@gcc.gnu.org 2005-07-01 16:39:36
Modified files:
libiberty : ChangeLog cp-demangle.c
libiberty/testsuite: demangle-expected
Log message:
PR other/22268
* cp-demangle.c (d_expr_primary): Don't run off the end of the
string while looking for the end of a literal value.
* testsuite/demangle-expected: Add test case.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/ChangeLog.diff?cvsroot=gcc&r1=1.586&r2=1.587
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/cp-demangle.c.diff?cvsroot=gcc&r1=1.82&r2=1.83
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libiberty/testsuite/demangle-expected.diff?cvsroot=gcc&r1=1.32&r2=1.33
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug other/22268] libiberty demanger crashes on (invalid) mangled name
2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net
` (2 preceding siblings ...)
2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org
@ 2005-07-01 16:42 ` ian at airs dot com
3 siblings, 0 replies; 5+ messages in thread
From: ian at airs dot com @ 2005-07-01 16:42 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From ian at airs dot com 2005-07-01 16:42 -------
Thanks for the test case and the patch. I have committed a slightly different
patch, which should also fix the problem.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |FIXED
Target Milestone|--- |4.1.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22268
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-07-01 16:42 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-07-01 13:24 [Bug other/22268] New: libiberty demanger crashes on (invalid) mangled name sb at biallas dot net
2005-07-01 15:11 ` [Bug other/22268] " sb at biallas dot net
2005-07-01 15:24 ` pinskia at gcc dot gnu dot org
2005-07-01 16:39 ` cvs-commit at gcc dot gnu dot org
2005-07-01 16:42 ` ian at airs dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).