Greetings,

This is rather on the trivial side. Google fuzzer found signed integer overflow in d_number, given this input: _ZZccDF2147483647

Google ref: b141647507.

Ok for trunk?

Thanks,

libiberty/ChangeLog

2019-10-28  Paul Pluzhnikov  <ppluzhni...@google.com>

	* cp-demangle (d_number): Avoid signed int overflow.

-- 
Paul Pluzhnikov
Index: libiberty/cp-demangle.c =================================================================== --- libiberty/cp-demangle.c (revision 277545) +++ libiberty/cp-demangle.c (working copy) @@ -1717,7 +1717,7 @@ } if (ret > ((INT_MAX - (peek - '0')) / 10)) return -1; - ret = ret * 10 + peek - '0'; + ret = ret * 10 + (peek - '0'); d_advance (di, 1); peek = d_peek_char (di); }
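
Review bot: the parentheses added around (peek - '0') on the + line carry the whole fix, but nothing in the code says so, and a later cleanup could drop them as redundant. The preceding check bounds ret * 10 + (peek - '0') by INT_MAX, while the old expression evaluated ret * 10 + peek first, which can exceed INT_MAX before '0' is subtracted (for the reported input, at the final digit 7). A one-line comment above the assignment stating that the digit value must be formed before the addition would keep the expression tied to the check. The patch also adds no regression case for _ZZccDF2147483647; adding that input to the demangler tests would cover it. Minor: the ChangeLog entry names cp-demangle rather than cp-demangle.c.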