Fix for PR70492

Fix for PR70492

[Marcel Böhme]

Hi,

This fixes the invalid write of size 8 detailed in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492

Handle the special case when consume_count returns -1 due to an integer overflow when parsing the length of the virtual table qualifier in cplus-dem.c:2994 (gnu_special).

Index: libiberty/cplus-dem.c
===================================================================
--- libiberty/cplus-dem.c	(revision 234663)
+++ libiberty/cplus-dem.c	(working copy)
@@ -3001,6 +3001,11 @@ gnu_special (work, mangled, declp)
 		      success = 1;
 		      break;
 		    }
+                  else if (n == -1)
+                    {
+                      success = 0;
+                      break;
+                    }
 		}
 	      else
 		{

Re: Fix for PR70492

[Bernd Schmidt]

On 04/01/2016 05:03 AM, Marcel Böhme wrote:
> This fixes the invalid write of size 8 detailed in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
>
> Handle the special case when consume_count returns -1 due to an integer overflow when parsing the length of the virtual table qualifier in cplus-dem.c:2994 (gnu_special).
>
> Index: libiberty/cplus-dem.c
> ===================================================================
> --- libiberty/cplus-dem.c	(revision 234663)
> +++ libiberty/cplus-dem.c	(working copy)
> @@ -3001,6 +3001,11 @@ gnu_special (work, mangled, declp)
>   		      success = 1;
>   		      break;
>   		    }
> +                  else if (n == -1)
> +                    {
> +                      success = 0;
> +                      break;
> +                    }

I've discussed these patches with Jakub and he gave me RM green light 
for these patches at this stage. I've committed this one, and the one 
for PR69687.

Some more comments for next time. Patch submissions should include 
ChangeLog entries. For whitespace, try to follow the prevalent style 
which is to begin the line with tab characters; the patch above contains 
only spaces.


Bernd