]> granicus.if.org Git - llvm/commitdiff
projects / llvm / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54ee04c)
llvm-undname: Fix out-of-bounds read on invalid intrinsic function code
authorNico Weber <nicolasweber@gmx.de>
Thu, 11 Apr 2019 23:11:33 +0000 (23:11 +0000)
committerNico Weber <nicolasweber@gmx.de>
Thu, 11 Apr 2019 23:11:33 +0000 (23:11 +0000)
Found by inspection.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358239 91177308-0d34-0410-b5e6-96231b3b80d8

include/llvm/Demangle/MicrosoftDemangle.h patch | blob | history
lib/Demangle/MicrosoftDemangle.cpp patch | blob | history
test/Demangle/invalid-manglings.test patch | blob | history

diff --git a/include/llvm/Demangle/MicrosoftDemangle.h b/include/llvm/Demangle/MicrosoftDemangle.h
index 66553b4b25032f866f295713ef9455dcb7b72fa7..442c41d6fd36d8f29b45642c11b347af05f941ba 100644 (file)
--- a/include/llvm/Demangle/MicrosoftDemangle.h
+++ b/include/llvm/Demangle/MicrosoftDemangle.h
@@ -207,6 +207,8 @@ private:
   NamedIdentifierNode *demangleBackRefName(StringView &MangledName);
   IdentifierNode *demangleTemplateInstantiationName(StringView &MangledName,
                                                     NameBackrefBehavior NBB);
+  IntrinsicFunctionKind
+  translateIntrinsicFunctionCode(char CH, FunctionIdentifierCodeGroup Group);
   IdentifierNode *demangleFunctionIdentifierCode(StringView &MangledName);
   IdentifierNode *
   demangleFunctionIdentifierCode(StringView &MangledName,
diff --git a/lib/Demangle/MicrosoftDemangle.cpp b/lib/Demangle/MicrosoftDemangle.cpp
index c4559ccb5e23a5451f56481536433cbc73d3f774..0c3602a4a4c027cb119ebe0bbc35f7394128b07c 100644 (file)
--- a/lib/Demangle/MicrosoftDemangle.cpp
+++ b/lib/Demangle/MicrosoftDemangle.cpp
@@ -511,12 +511,18 @@ Demangler::demangleLiteralOperatorIdentifier(StringView &MangledName) {
   return N;
 }
 
-static IntrinsicFunctionKind
-translateIntrinsicFunctionCode(char CH, FunctionIdentifierCodeGroup Group) {
+IntrinsicFunctionKind
+Demangler::translateIntrinsicFunctionCode(char CH,
+                                          FunctionIdentifierCodeGroup Group) {
+  using IFK = IntrinsicFunctionKind;
+  if (!(CH >= '0' && CH <= '9') && !(CH >= 'A' && CH <= 'Z')) {
+    Error = true;
+    return IFK::None;
+  }
+
   // Not all ? identifiers are intrinsics *functions*.  This function only maps
   // operator codes for the special functions, all others are handled elsewhere,
   // hence the IFK::None entries in the table.
-  using IFK = IntrinsicFunctionKind;
   static IFK Basic[36] = {
       IFK::None,             // ?0 # Foo::Foo()
       IFK::None,             // ?1 # Foo::~Foo()
diff --git a/test/Demangle/invalid-manglings.test b/test/Demangle/invalid-manglings.test
index 839218ad1019a0443127830b42b8cd386213867a..473b3e4bbe15ce4ac229679f1deaf564d462bd77 100644 (file)
--- a/test/Demangle/invalid-manglings.test
+++ b/test/Demangle/invalid-manglings.test
@@ -109,3 +109,8 @@
 ; CHECK-EMPTY:
 ; CHECK-NEXT: ?x@@3PAW
 ; CHECK-NEXT: error: Invalid mangled name
+
+??}
+; CHECK-EMPTY:
+; CHECK-NEXT: ??}
+; CHECK-NEXT: error: Invalid mangled name
Unnamed repository; edit this file 'description' to name the repository.