Greetings,
This is rather on the trivial side. Google fuzzer found signed integer
overflow in d_number, given this input: _ZZccDF2147483647
Google ref: b141647507.
Ok for trunk?
Thanks,
libiberty/ChangeLog
2019-10-28 Paul Pluzhnikov <ppluzhni...@google.com>
* cp-demangle (d_number): Avoid signed int overflow.
--
Paul Pluzhnikov
Index: libiberty/cp-demangle.c
===================================================================
--- libiberty/cp-demangle.c (revision 277545)
+++ libiberty/cp-demangle.c (working copy)
@@ -1717,7 +1717,7 @@
}
if (ret > ((INT_MAX - (peek - '0')) / 10))
return -1;
- ret = ret * 10 + peek - '0';
+ ret = ret * 10 + (peek - '0');
d_advance (di, 1);
peek = d_peek_char (di);
}
