libiberty: Fix some demangler crashes caused by reading past end of input.
author Mark Wielaard <mark@klomp.org>
Tue, 15 Nov 2016 19:31:50 +0000 (19:31 +0000)
committer Mark Wielaard <mark@klomp.org>
Fri, 18 Nov 2016 10:06:18 +0000 (11:06 +0100)
commit 1706852c3c6c1d39f949c933d37647d02509b9cb
tree c5b36324ccb38e94d7c63d06b677cf68ca562b1f
parent 59d2699cfd30f9defc454be17415c0a518ece32b
libiberty: Fix some demangler crashes caused by reading past end of input.

In various situations the cplus_demangle () function could read past the
end of input causing crashes. Add checks in various places to not advance
the demangle string location and fail early when end of string is reached.
Add various examples of input strings to the testsuite that would crash
test-demangle before the fixes.

Found by using the American Fuzzy Lop (afl) fuzzer.

libiberty/ChangeLog:

       * cplus-dem.c (demangle_signature): After 'H', template function,
       no success and don't advance position if end of string reached.
       (demangle_template): After 'z', template name, return zero on
       premature end of string.
       (gnu_special): Guard strchr against searching for zero characters.
       (do_type): If member, only advance mangled string when 'F' found.
       * testsuite/demangle-expected: Add examples of strings that could
       crash the demangler by reading past end of input.
libiberty/ChangeLog
libiberty/cplus-dem.c
libiberty/testsuite/demangle-expected
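
The gnu_special ChangeLog entry above concerns a general C pitfall: strchr() treats the terminating NUL as part of the string it searches, so a "is this character in the set" test succeeds at end of input and a scanning loop keeps advancing. The following is an added example, not code from libiberty or from this commit; the marker set, function names and sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical marker set for this example (not taken from cplus-dem.c). */
static const char markers[] = "$.";

/* Unguarded: strchr() counts the terminating NUL as part of the string,
   so this returns 1 for c == '\0'. */
static int is_marker_unguarded(char c)
{
    return strchr(markers, c) != NULL;
}

/* Guarded: end of input is never a marker. */
static int is_marker_guarded(char c)
{
    return c != '\0' && strchr(markers, c) != NULL;
}

/* Advance over leading markers and return the resulting offset.
   `limit` is the size of the backing buffer; it keeps the demo inside
   the array even when the predicate fails to stop at the NUL. */
static size_t skip_markers(const char *buf, size_t limit, int (*is_marker)(char))
{
    size_t pos = 0;
    while (pos < limit && is_marker(buf[pos]))
        pos++;
    return pos;
}

/* Constructed input: the string "$$" in a zero-padded 8-byte buffer. */
static const char sample[8] = "$$";

int main(void)
{
    size_t len = strlen(sample);
    size_t bad = skip_markers(sample, sizeof sample, is_marker_unguarded);
    size_t good = skip_markers(sample, sizeof sample, is_marker_guarded);

    printf("string length:    %zu\n", len);
    printf("unguarded offset: %zu (walked past the terminator)\n", bad);
    printf("guarded offset:   %zu (stopped at end of input)\n", good);
    return good == len ? 0 : 1;
}
```

Without the `limit` cap, the unguarded loop would continue for as long as the bytes after the terminator happen to be zero or marker characters, which is the kind of read past end of input a fuzzer surfaces.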