From: Nico Weber <nicolasweber@gmx.de>
Date: Thu, 11 Apr 2019 23:11:33 +0000 (+0000)
Subject: llvm-undname: Fix out-of-bounds read on invalid intrinsic function code
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4b4fd781e206d43da1c0d4c9454cedd21d1c1cd9;p=llvm

llvm-undname: Fix out-of-bounds read on invalid intrinsic function code

Found by inspection.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358239 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/include/llvm/Demangle/MicrosoftDemangle.h b/include/llvm/Demangle/MicrosoftDemangle.h
index 66553b4b250..442c41d6fd3 100644
--- a/include/llvm/Demangle/MicrosoftDemangle.h
+++ b/include/llvm/Demangle/MicrosoftDemangle.h
@@ -207,6 +207,8 @@ private:
   NamedIdentifierNode *demangleBackRefName(StringView &MangledName);
   IdentifierNode *demangleTemplateInstantiationName(StringView &MangledName,
                                                     NameBackrefBehavior NBB);
+  IntrinsicFunctionKind
+  translateIntrinsicFunctionCode(char CH, FunctionIdentifierCodeGroup Group);
   IdentifierNode *demangleFunctionIdentifierCode(StringView &MangledName);
   IdentifierNode *
   demangleFunctionIdentifierCode(StringView &MangledName,
diff --git a/lib/Demangle/MicrosoftDemangle.cpp b/lib/Demangle/MicrosoftDemangle.cpp
index c4559ccb5e2..0c3602a4a4c 100644
--- a/lib/Demangle/MicrosoftDemangle.cpp
+++ b/lib/Demangle/MicrosoftDemangle.cpp
@@ -511,12 +511,18 @@ Demangler::demangleLiteralOperatorIdentifier(StringView &MangledName) {
   return N;
 }
 
-static IntrinsicFunctionKind
-translateIntrinsicFunctionCode(char CH, FunctionIdentifierCodeGroup Group) {
+IntrinsicFunctionKind
+Demangler::translateIntrinsicFunctionCode(char CH,
+                                          FunctionIdentifierCodeGroup Group) {
+  using IFK = IntrinsicFunctionKind;
+  if (!(CH >= '0' && CH <= '9') && !(CH >= 'A' && CH <= 'Z')) {
+    Error = true;
+    return IFK::None;
+  }
+
   // Not all ? identifiers are intrinsics *functions*.  This function only maps
   // operator codes for the special functions, all others are handled elsewhere,
   // hence the IFK::None entries in the table.
-  using IFK = IntrinsicFunctionKind;
   static IFK Basic[36] = {
       IFK::None,             // ?0 # Foo::Foo()
       IFK::None,             // ?1 # Foo::~Foo()
diff --git a/test/Demangle/invalid-manglings.test b/test/Demangle/invalid-manglings.test
index 839218ad101..473b3e4bbe1 100644
--- a/test/Demangle/invalid-manglings.test
+++ b/test/Demangle/invalid-manglings.test
@@ -109,3 +109,8 @@
 ; CHECK-EMPTY:
 ; CHECK-NEXT: ?x@@3PAW
 ; CHECK-NEXT: error: Invalid mangled name
+
+??}
+; CHECK-EMPTY:
+; CHECK-NEXT: ??}
+; CHECK-NEXT: error: Invalid mangled name