On Mon, Nov 14, 2016 at 1:19 AM, Mark Wielaard <m...@klomp.org> wrote:
> In various situations the cplus_demangle () function could read past the
> end of input causing crashes. Add checks in various places to not advance
> the demangle string location and fail early when end of string is reached.
> Add various examples of input strings to the testsuite that would crash
> test-demangle before the fixes.
>
> Found by using the American Fuzzy Lop (afl) fuzzer.
>
> libiberty/ChangeLog:
>
> * cplus-dem.c (demangle_signature): After 'H', template function,
> no success and don't advance position if end of string reached.
> (demangle_template): After 'z', template name, return zero on
> premature end of string.
> (gnu_special): Guard strchr against searching for zero characters.
> (do_type): If member, only advance mangled string when 'F' found.
> * testsuite/demangle-expected: Add examples of strings that could
> crash the demangler by reading past end of input.
> ---
This is OK.

Thanks.

Ian
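Two of the patterns named in the quoted ChangeLog are worth seeing in isolation: the strchr() pitfall behind the gnu_special fix, and the "check before you advance the cursor" discipline behind the demangle_signature and do_type fixes. The block below is an added example written for this thread; it is not libiberty code and does not use the real GNU v2 mangling grammar. The grammar (qualifier letters "CVU" followed by a type letter 'i' or 'c'), the function names decode_type/decode_to and the helper in_set_naive/in_set_guarded are all hypothetical, chosen only to show the shape of the bug and of the fix.

```c
#include <stdio.h>
#include <string.h>

/* Membership test as it is often written: is c one of the bytes in set?
 * Pitfall: strchr(set, '\0') returns a pointer to set's terminating NUL,
 * so this reports a "match" for the end-of-string byte and a caller that
 * advances on a match walks past the end of its input. */
static int in_set_naive(const char *set, char c)
{
    return strchr(set, c) != NULL;
}

/* Guarded version: never hand the NUL byte to strchr. */
static int in_set_guarded(const char *set, char c)
{
    return c != '\0' && strchr(set, c) != NULL;
}

/* Toy decoder (hypothetical grammar, not GNU mangling): zero or more
 * qualifier letters from "CVU", then exactly one type letter 'i' or 'c'.
 * Returns 0 on success and advances *pp past the consumed input.
 * Returns -1 on malformed or truncated input and leaves *pp untouched,
 * mirroring "no success and don't advance position if end of string
 * reached" from the patch description. */
static int decode_type(const char **pp, char *out, size_t outsz)
{
    const char *p = *pp;
    const char *t;

    out[0] = '\0';
    while (in_set_guarded("CVU", *p)) {
        const char *q = (*p == 'C') ? "const "
                      : (*p == 'V') ? "volatile " : "restrict ";
        if (strlen(out) + strlen(q) >= outsz)
            return -1;                  /* output buffer too small */
        strcat(out, q);
        p++;
    }
    if (*p == '\0')                     /* premature end: fail early */
        return -1;
    switch (*p) {
    case 'i': t = "int";  break;
    case 'c': t = "char"; break;
    default:  return -1;                /* unknown type letter */
    }
    if (strlen(out) + strlen(t) >= outsz)
        return -1;
    strcat(out, t);
    *pp = p + 1;                        /* advance only on success */
    return 0;
}

/* Convenience wrapper: decoded length on success, -1 on failure. */
static int decode_to(const char *in, char *out, size_t outsz)
{
    const char *p = in;
    return decode_type(&p, out, outsz) == 0 ? (int)strlen(out) : -1;
}

int main(void)
{
    /* Constructed inputs: one valid, two truncated (the afl-style cases). */
    const char *inputs[] = { "Ci", "CV", "" };
    char buf[64];
    size_t i;

    printf("strchr(\"CVU\", '\\0') != NULL -> %d (naive), %d (guarded)\n",
           in_set_naive("CVU", '\0'), in_set_guarded("CVU", '\0'));
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = decode_to(inputs[i], buf, sizeof buf);
        printf("\"%s\" -> %s\n", inputs[i], rc < 0 ? "error" : buf);
    }
    return 0;
}
```

The two truncated inputs are the interesting ones: with in_set_naive the qualifier loop would treat the terminating NUL as a qualifier and step past it, which is exactly the read-past-end class of crash the patch closes off; with the guard plus the explicit end-of-string check the decoder reports failure and leaves the caller's cursor where it was.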