maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Fix ASAN failures in the demangler 

These were found fuzzing with ASAN.

llvm-svn: 278579
This commit is contained in:
Mehdi Amini 2016-08-13 00:02:33 +00:00
parent cf56e92c50
commit 4d03572c14
2 changed files with 72 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
libcxxabi/src/cxa_demangle.cpp
View File

@ -624,6 +624,8 @@ parse_const_cast_expr(const char* first, const char* last, C& db)
return first;
auto expr = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back() = "const_cast<" + db.names.back().move_full() + ">(" + expr + ")";
first = t1;
}
@ -650,6 +652,8 @@ parse_dynamic_cast_expr(const char* first, const char* last, C& db)
return first;
auto expr = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back() = "dynamic_cast<" + db.names.back().move_full() + ">(" + expr + ")";
first = t1;
}
@ -676,6 +680,8 @@ parse_reinterpret_cast_expr(const char* first, const char* last, C& db)
return first;
auto expr = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back() = "reinterpret_cast<" + db.names.back().move_full() + ">(" + expr + ")";
first = t1;
}
@ -1294,6 +1300,8 @@ parse_dot_expr(const char* first, const char* last, C& db)
return first;
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first += "." + name;
first = t1;
}
@ -2896,6 +2904,8 @@ base_name(String& s)
++c;
}
}
if (pe - pf <= 1)
return String();
const char* p0 = pe - 1;
for (; p0 != pf; --p0)
{
@ -3016,7 +3026,8 @@ parse_unnamed_type_name(const char* first, const char* last, C& db)
const char* t1 = parse_type(t0, last, db);
if (t1 == t0)
{
db.names.pop_back();
if(!db.names.empty())
db.names.pop_back();
return first;
}
if (db.names.size() < 2)
@ -3041,17 +3052,21 @@ parse_unnamed_type_name(const char* first, const char* last, C& db)
}
t0 = t1;
}
if(db.names.empty())
return first;
db.names.back().first.append(")");
}
if (t0 == last || *t0 != 'E')
{
if(!db.names.empty())
db.names.pop_back();
return first;
}
++t0;
if (t0 == last)
{
db.names.pop_back();
if(!db.names.empty())
db.names.pop_back();
return first;
}
if (std::isdigit(*t0))
@ -3064,7 +3079,8 @@ parse_unnamed_type_name(const char* first, const char* last, C& db)
}
if (t0 == last || *t0 != '_')
{
db.names.pop_back();
if(!db.names.empty())
db.names.pop_back();
return first;
}
first = t0 + 1;
@ -3251,7 +3267,7 @@ parse_binary_expression(const char* first, const char* last, const typename C::S
nm += ')';
first = t2;
}
else
else if(!db.names.empty())
db.names.pop_back();
}
return first;
@ -3490,7 +3506,7 @@ parse_expression(const char* first, const char* last, C& db)
db.names.back() = "(" + op1 + ")[" + op2 + "]";
first = t2;
}
else
else if (!db.names.empty())
db.names.pop_back();
}
}
@ -3686,11 +3702,13 @@ parse_expression(const char* first, const char* last, C& db)
}
else
{
if (db.names.size() < 2)
return first;
db.names.pop_back();
db.names.pop_back();
}
}
else
else if (!db.names.empty())
db.names.pop_back();
}
}
@ -3879,8 +3897,9 @@ parse_template_args(const char* first, const char* last, C& db)
args += ", ";
args += db.names[k].move_full();
}
for (; k1 != k0; --k1)
db.names.pop_back();
for (; k1 > k0; --k1)
if (!db.names.empty())
db.names.pop_back();
t = t1;
}
first = t + 1;
@ -3959,6 +3978,8 @@ parse_nested_name(const char* first, const char* last, C& db,
{
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
if (!db.names.back().first.empty())
{
db.names.back().first += "::" + name;
@ -3978,6 +3999,8 @@ parse_nested_name(const char* first, const char* last, C& db,
{
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
if (!db.names.back().first.empty())
db.names.back().first += "::" + name;
else
@ -3997,6 +4020,8 @@ parse_nested_name(const char* first, const char* last, C& db,
{
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
if (!db.names.back().first.empty())
db.names.back().first += "::" + name;
else
@ -4014,6 +4039,8 @@ parse_nested_name(const char* first, const char* last, C& db,
{
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first += name;
db.subs.push_back(typename C::sub_type(1, db.names.back(), db.names.get_allocator()));
t0 = t1;
@ -4033,6 +4060,8 @@ parse_nested_name(const char* first, const char* last, C& db,
{
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
if (!db.names.back().first.empty())
db.names.back().first += "::" + name;
else
@ -4130,11 +4159,13 @@ parse_local_name(const char* first, const char* last, C& db,
return first;
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first.append("::");
db.names.back().first.append(name);
first = t1;
}
else
else if (!db.names.empty())
db.names.pop_back();
}
}
@ -4151,10 +4182,12 @@ parse_local_name(const char* first, const char* last, C& db,
return first;
auto name = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first.append("::");
db.names.back().first.append(name);
}
else
else if (!db.names.empty())
db.names.pop_back();
}
break;
@ -4219,6 +4252,8 @@ parse_name(const char* first, const char* last, C& db,
return first;
auto tmp = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first += tmp;
first = t1;
if (ends_with_template_args)
@ -4241,6 +4276,8 @@ parse_name(const char* first, const char* last, C& db,
return first;
auto tmp = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first += tmp;
first = t1;
if (ends_with_template_args)
@ -4399,6 +4436,8 @@ parse_special_name(const char* first, const char* last, C& db)
return first;
auto left = db.names.back().move_full();
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first = "construction vtable for " +
std::move(left) + "-in-" +
db.names.back().move_full();
@ -4538,6 +4577,9 @@ parse_encoding(const char* first, const char* last, C& db)
if (ret2.empty())
ret1 += ' ';
db.names.pop_back();
if (db.names.empty())
return first;
db.names.back().first.insert(0, ret1);
t = t2;
}
@ -4565,8 +4607,11 @@ parse_encoding(const char* first, const char* last, C& db)
tmp += ", ";
tmp += db.names[k].move_full();
}
for (size_t k = k0; k < k1; ++k)
for (size_t k = k0; k < k1; ++k) {
if (db.names.empty())
return first;
db.names.pop_back();
}
if (!tmp.empty())
{
if (db.names.empty())

16
libcxxabi/test/test_demangle.pass.cpp
View File

@ -29591,6 +29591,7 @@ const char* cases[][2] =
{"_ZZ4testvEN1g3fooE5Point", "test()::g::foo(Point)"},
{"_ZThn12_NSt9strstreamD0Ev", "non-virtual thunk to std::strstream::~strstream()"},
{"_ZTv0_n12_NSt9strstreamD0Ev", "virtual thunk to std::strstream::~strstream()"},
{"\x6D", "unsigned long"}, // This use to crash with ASAN
};
const unsigned N = sizeof(cases) / sizeof(cases[0]);
@ -29636,6 +29637,21 @@ const char* invalid_cases[] =
#if !LDBL_FP80
"_ZN5test01hIfEEvRAcvjplstT_Le4001a000000000000000E_c",
#endif
// The following test cases were found by libFuzzer+ASAN
"\x44\x74\x70\x74\x71\x75\x34\x43\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x34\xD3\x73\x9E\x2A\x37",
"\x4D\x41\x72\x63\x4E\x39\x44\x76\x72\x4D\x34\x44\x53\x4B\x6F\x44\x54\x6E\x61\x37\x47\x77\x78\x38\x43\x27\x41\x5F\x73\x70\x69\x45*",
"\x41\x64\x6E\x32*",
"\x43\x46\x41\x67\x73*",
"\x72\x3A\x4E\x53\x64\x45\x39\x4F\x52\x4E\x1F\x43\x34\x64\x54\x5F\x49\x31\x41\x63\x6C\x37\x2A\x4D\x41\x67\x73\x76\x43\x54\x35\x5F\x49\x4B\x4C\x55\x6C\x73\x4C\x38\x64\x43\x41\x47\x4C\x5A\x28\x4F\x41\x6E\x77\x5F\x53\x6F\x70\x69\x45\x5F\x63\x47\x61\x4C\x31\x4F\x4C\x33\x3E\x41\x4C\x4B\x4C\x55\x6C\x73\x4C\x38\x64\x43\x66\x41\x47\x4C\x5A\x28\x4F\x41\x6E\x77\x5F\x53\x6F\x70\x69\x45\x5F\x37\x41*",
"\x2D\x5F\x63\x47\x4F\x63\xD3",
"\x44\x74\x70\x74\x71\x75\x32\x43\x41\x38\x65\x6E\x9B\x72\x4D\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\xC3\x53\xF9\x5F\x70\x74\x70\x69\x45\x38\xD3\x73\x9E\x2A\x37",
"\x4C\x5A\x4C\x55\x6C\x4D\x41\x5F\x41\x67\x74\x71\x75\x34\x4D\x41\x64\x73\x4C\x44\x76\x72\x4D\x34\x44\x4B\x44\x54\x6E\x61\x37\x47\x77\x78\x38\x43\x27\x41\x5F\x73\x70\x69\x45\x6D\x73\x72\x53\x41\x6F\x41\x7B",
"\x44\x74\x70\x74\x71\x75\x32\x43\x41\x38\x65\x6E\x9B\x72\x4D\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x2C\x53\xF9\x5F\x70\x74\x70\x69\x45\xB4\xD3\x73\x9F\x2A\x37",
"\x4C\x5A\x4C\x55\x6C\x69\x4D\x73\x72\x53\x6F\x7A\x41\x5F\x41\x67\x74\x71\x75\x32\x4D\x41\x64\x73\x39\x28\x76\x72\x4D\x34\x44\x4B\x45\x54\x6E\x61\x37\x47\x77\x78\x38\x43\x27\x41\x5F\x73\x70\x69\x45\x6F\x45\x49\x6D\x1A\x4C\x53\x38\x6A\x7A\x5A",
"\x44\x74\x63*",
"\x44\x74\x71\x75\x35\x2A\xDF\x74\x44\x61\x73\x63\x35\x2A\x3B\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x63\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x33\x44\x76\x35",
"\x44\x74\x70\x74\x71\x75\x32\x43\x41\x38\x65\x6E\x9B\x72\x4D\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x38\xD3\x73\x9E\x2A\x37",
"\x46\x44\x74\x70\x74\x71\x75\x32\x43\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x34\xD3\x73\x9E\x2A\x37\x72\x33\x8E\x3A\x29\x8E\x44\x35",
};
const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);