llvm-undname: Fix nullptr deref on invalid structor names in template args

Similar to r358421: A StructorIndentifierNode has a Class field which
is read when printing it, but if the StructorIndentifierNode appears in
a template argument then demangleFullyQualifiedSymbolName() which sets
Class isn't called. Since StructorIndentifierNodes are always leaf
names, we can just reject them as well.

Found by oss-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358491 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Demangle/MicrosoftDemangle.cpp b/lib/Demangle/MicrosoftDemangle.cpp
index c3bdfa23d1f5507893fe85208fceb9c4dcf27cb8..49cfcde9c58a058eed0c671867bf006f7df7fc59 100644 (file)
--- a/lib/Demangle/MicrosoftDemangle.cpp
+++ b/lib/Demangle/MicrosoftDemangle.cpp
@@ -949,9 +949,10 @@ Demangler::demangleTemplateInstantiationName(StringView &MangledName,
 
   if (NBB & NBB_Template) {
     // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
-    // A conversion operator only makes sense in a leaf name , so reject it in
-    // NBB_Template contexts.
-    if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
+    // Structors and conversion operators only makes sense in a leaf name, so
+    // reject them in NBB_Template contexts.
+    if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier ||
+        Identifier->kind() == NodeKind::StructorIdentifier) {
       Error = true;
       return nullptr;
     }

diff --git a/test/Demangle/invalid-manglings.test b/test/Demangle/invalid-manglings.test
index dcfc99f3e5425989d3192dffa78d1a89d936878d..84c2b32bf2075d473abbeed318c0be1970a0c211 100644 (file)
--- a/test/Demangle/invalid-manglings.test
+++ b/test/Demangle/invalid-manglings.test
@@ -134,3 +134,8 @@
 ; CHECK-EMPTY:
 ; CHECK-NEXT: ?foo@?$?BH@@QAEHXZ
 ; CHECK-NEXT: error: Invalid mangled name
+
+?foo@?$?0H@
+; CHECK-EMPTY:
+; CHECK-NEXT: ?foo@?$?0H@
+; CHECK-NEXT: error: Invalid mangled name