On 05/26/2016 01:02 AM, Marcel Böhme wrote:
Hi: Pending review.
Best - Marcel
On 3 May 2016, at 10:40 PM, Marcel Böhme <boehme.mar...@gmail.com> wrote:
Hi,
This fixes four access violations
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926).
Two of these first read the value of a length variable len from the mangled
string, then strncpy len characters from the mangled string; more than
necessary.
The other two read the value of an array index n from the mangled string, which
can be negative due to an overflow.
Bootstrapped and regression tested on x86_64-pc-linux-gnu. Test cases added to
libiberty/testsuite/demangler-expected and checked PR70926 is resolved.
Best regards,
- Marcel
Index: libiberty/ChangeLog
===================================================================
--- libiberty/ChangeLog (revision 235801)
+++ libiberty/ChangeLog (working copy)
@@ -1,3 +1,12 @@
+2016-05-03 Marcel Böhme <boehme.mar...@gmail.com>
+
+ PR c++/70926
+ * cplus-dem.c: Handle large values and overflow when demangling
+ length variables.
+ (demangle_template_value_parm): Read only until end of mangled string.
+ (do_hpacc_template_literal): Likewise.
+ (do_type): Handle overflow when demangling array indices.
OK for the trunk. Please install.
Sorry for the delays.
Jeff
