[Bug c++/11572] New: Segmentation fault in name demangler on 64-bit

[Bug c++/11572] New: Segmentation fault in name demangler on 64-bit

[jameslyon0 at googlemail dot com]

I get a segmentation fault when trying to load my program. The crash happens in
the function d_find_pack during demangling. The name which ultimately causes
this error is:

_ZN3Psi7VariantIIcPKcEE5visitIIRZN11VariantTest9TestVisit11test_methodEvEUlS2_E0_RZNS6_11test_methodEvEUlcE1_RZNS6_11test_methodEvEUlNS_4NoneEE_EEENS_13VariantDetail19SelectVisitorResultIIDpT_EE4typeEDpOSG_

I'll attach a GDB session tracking the error. This appears to be related to
64-bit, since the s_unary_num.num field is set to zero in this instance which on
a 32-bit system would cause the s_binary.right field to be NULL, but that does
not happen here. In any case I don't think the s_binary member should be
accessed since the type is DEMANGLE_COMPONENT_LAMBDA, so I've fixed it by adding
a case to d_find_pack to check for it:

@@ -3467,7 +3467,8 @@
 
     case DEMANGLE_COMPONENT_PACK_EXPANSION:
       return NULL;

+    case DEMANGLE_COMPONENT_LAMBDA:
     case DEMANGLE_COMPONENT_NAME:
     case DEMANGLE_COMPONENT_OPERATOR:
     case DEMANGLE_COMPONENT_BUILTIN_TYPE:

I don't know if this is really the right place to fix it though.

-- 
           Summary: Segmentation fault in name demangler on 64-bit
           Product: gdb
           Version: 7.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: c++
        AssignedTo: unassigned at sourceware dot org
        ReportedBy: jameslyon0 at googlemail dot com
                CC: gdb-prs at sourceware dot org
  GCC host triplet: Ubuntu 10.04


http://sourceware.org/bugzilla/show_bug.cgi?id=11572

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug c++/11572] Segmentation fault in name demangler on 64-bit

[jameslyon0 at googlemail dot com]

------- Additional Comments From jameslyon0 at googlemail dot com  2010-05-05 20:38 -------
Created an attachment (id=4770)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=4770&action=view)
GDB session with backtrace and dumps of relevant data structures


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11572

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug c++/11572] Segmentation fault in name demangler on 64-bit

[tromey at redhat dot com]

------- Additional Comments From tromey at redhat dot com  2010-05-12 20:26 -------
The best way to get a review of this patch is to submit it to GCC,
where this code is canonically maintained.
Also you might consider adding a regression test to the demangler test suite.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11572

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug c++/11572] Segmentation fault in name demangler on 64-bit

[tromey at redhat dot com]

------- Additional Comments From tromey at redhat dot com  2010-09-10 22:42 -------
I checked in the fix and test case.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|7.1                         |7.3


http://sourceware.org/bugzilla/show_bug.cgi?id=11572

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.