From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [IPv6:2001:67c:2050::465:102]) by sourceware.org (Postfix) with ESMTPS id 3E705385782B for ; Fri, 4 Sep 2020 16:23:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 3E705385782B Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4Bjjf04C7yzKmT9; Fri, 4 Sep 2020 18:23:20 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by spamfilter04.heinlein-hosting.de (spamfilter04.heinlein-hosting.de [80.241.56.122]) (amavisd-new, port 10030) with ESMTP id Xe8yknabMG4d; Fri, 4 Sep 2020 18:23:17 +0200 (CEST) Date: Fri, 04 Sep 2020 18:23:10 +0200 From: Iain Buclaw Subject: Re: ubsan: d-demangle.c:214 signed integer overflow To: Alan Modra Cc: gcc-patches@gcc.gnu.org, Ian Lance Taylor References: <20200903130116.GQ15695@bubble.grove.modra.org> <1599163400.8r2ly1k30n.astroid@galago.none> <20200904005939.GR15695@bubble.grove.modra.org> <1599207109.qqwjbgoeso.astroid@galago.none> <20200904133403.GV15695@bubble.grove.modra.org> In-Reply-To: <20200904133403.GV15695@bubble.grove.modra.org> MIME-Version: 1.0 Message-Id: <1599234463.wegd8hf5fw.astroid@galago.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-MBO-SPAM-Probability: X-Rspamd-Score: -3.63 / 15.00 / 15.00 X-Rspamd-Queue-Id: 72B4F683 X-Rspamd-UID: afe535 X-Spam-Status: No, score=-15.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Sep 2020 16:23:23 -0000 Excerpts from Alan Modra's message of September 4, 2020 3:34 pm: > So this one is on top of the previously posted patch. >=20 > * d-demangle.c (string_need): Take a size_t n arg, and use size_t tem. > (string_append): Use size_t n. > (string_appendn, string_prependn): Take a size_t n arg. > (TEMPLATE_LENGTH_UNKNOWN): Define as -1UL. > * d-demangle.c (dlang_number): Make "ret" an unsigned long*. > Only succeed for result of [0,4294967295UL]. > (dlang_decode_backref): Only succeed for result [1,MAX_LONG]. > (dlang_backref): Remove now unnecessary range check. > (dlang_symbol_name_p): Likewise. > (dlang_lname, dlang_parse_template): Take an unsigned long len > arg. > (dlang_symbol_backref, dlang_identifier, dlang_parse_integer), > (dlang_parse_integer, dlang_parse_string), > (dlang_parse_arrayliteral, dlang_parse_assocarray), > (dlang_parse_structlit, dlang_parse_tuple), > (dlang_template_symbol_param, dlang_template_args): Use > unsigned long variables. > * testsuite/d-demangle-expected: Add new tests. >=20 > diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c > index 59e6ae007a..152f620abf 100644 > --- a/libiberty/d-demangle.c > +++ b/libiberty/d-demangle.c > @@ -62,9 +62,9 @@ typedef struct string /* Beware: these aren't required= to be */ > } string; > =20 > static void > -string_need (string *s, int n) > +string_need (string *s, size_t n) > { > - int tem; > + size_t tem; > =20 > if (s->b =3D=3D NULL) > { > @@ -75,7 +75,7 @@ string_need (string *s, int n) > s->p =3D s->b =3D XNEWVEC (char, n); > s->e =3D s->b + n; > } > - else if (s->e - s->p < n) > + else if ((size_t) (s->e - s->p) < n) > { > tem =3D s->p - s->b; > n +=3D tem; > @@ -124,14 +124,14 @@ string_setlength (string *s, int n) > static void > string_append (string *p, const char *s) > { > - int n =3D strlen (s); > + size_t n =3D strlen (s); > string_need (p, n); > memcpy (p->p, s, n); > p->p +=3D n; > } > =20 > static void > -string_appendn (string *p, const char *s, int n) > +string_appendn (string *p, const char *s, size_t n) > { > if (n !=3D 0) > { > @@ -142,7 +142,7 @@ string_appendn (string *p, const char *s, int n) > } > =20 > static void > -string_prependn (string *p, const char *s, int n) > +string_prependn (string *p, const char *s, size_t n) > { > char *q; > =20 > @@ -177,7 +177,7 @@ struct dlang_info > }; > =20 > /* Pass as the LEN to dlang_parse_template if symbol length is not known= . */ > -enum { TEMPLATE_LENGTH_UNKNOWN =3D -1 }; > +#define TEMPLATE_LENGTH_UNKNOWN (-1UL) > =20 > /* Prototypes for forward referenced functions */ > static const char *dlang_function_type (string *, const char *, > @@ -200,15 +200,16 @@ static const char *dlang_parse_tuple (string *, con= st char *, > struct dlang_info *); > =20 > static const char *dlang_parse_template (string *, const char *, > - struct dlang_info *, long); > + struct dlang_info *, unsigned long); > =20 > -static const char *dlang_lname (string *, const char *, long); > +static const char *dlang_lname (string *, const char *, unsigned long); > =20 > =20 > /* Extract the number from MANGLED, and assign the result to RET. > - Return the remaining string on success or NULL on failure. */ > + Return the remaining string on success or NULL on failure. > + A result larger than 4294967295UL is considered a failure. */ If we're already using limits.h, I guess it should be fine to also add #define UINT_MAX ((unsigned) ~0U) I'll leave it to your judgement on that though. Other than that, OK from me. Iain.