Patch committed: Fix demangler crash

Tue, 26 Jul 2011 07:31:07 -0700 

binutils PR 13030 reports a demangler crash on the symbol
    _ZSt10_ConstructI10CellBorderIS0_EEvPT_DpOT0_

As far as I can tell, this symbol is invalid.  The final T0_ refers to
template argument 1, but this zero-based index has no referent since the
template only has one parameter.  This of course suggests a compiler
bug.  CC'ing Jason because this involves template packs which I haven't
looked into very much.

I committed this patch to avoid the crash in the demangler.

Ian


2011-07-26  Ian Lance Taylor  <i...@google.com>

        * cp-demangle.c (d_print_init): Initialize pack_index field.
        (d_print_comp): Check for NULL template argument.
        * testsuite/demangle-expected: Add test case.



Index: testsuite/demangle-expected
===================================================================
--- testsuite/demangle-expected	(revision 176790)
+++ testsuite/demangle-expected	(working copy)
@@ -4010,6 +4010,12 @@ K<1, &S::m>::f()
 _ZN1KILi1EXadL_ZN1S1mEEEE1fEv
 K<1, &S::m>::f()
 #
+# Used to crash -- binutils PR 13030.
+--format=gnu-v3
+_ZSt10_ConstructI10CellBorderIS0_EEvPT_DpOT0_
+_ZSt10_ConstructI10CellBorderIS0_EEvPT_DpOT0_
+_ZSt10_ConstructI10CellBorderIS0_EEvPT_DpOT0_
+#
 # Ada (GNAT) tests.
 #
 # Simple test.
Index: cp-demangle.c
===================================================================
--- cp-demangle.c	(revision 176790)
+++ cp-demangle.c	(working copy)
@@ -1,5 +1,5 @@
 /* Demangler for g++ V3 ABI.
-   Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+   Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
    Free Software Foundation, Inc.
    Written by Ian Lance Taylor <i...@wasabisystems.com>.
 
@@ -3306,6 +3306,7 @@ d_print_init (struct d_print_info *dpi, 
   dpi->last_char = '\0';
   dpi->templates = NULL;
   dpi->modifiers = NULL;
+  dpi->pack_index = 0;
   dpi->flush_count = 0;
 
   dpi->callback = callback;
@@ -3893,6 +3894,13 @@ d_print_comp (struct d_print_info *dpi, 
 	    struct demangle_component *a = d_lookup_template_argument (dpi, sub);
 	    if (a && a->type == DEMANGLE_COMPONENT_TEMPLATE_ARGLIST)
 	      a = d_index_template_argument (a, dpi->pack_index);
+
+	    if (a == NULL)
+	      {
+		d_print_error (dpi);
+		return;
+	      }
+
 	    sub = a;
 	  }

Reply via email to