[demangler] Fix a exponential string copying bug

The problem was that if base_name() was called from a context without an actual base name, it could gulp up the entire string, which can result in recursive duplications. The fix is to be more strict as to what qualifies as a base name. Differential revision: https://reviews.llvm.org/D33637 llvm-svn: 304113
2017-05-28 23:15:50 +00:00 · 2017-05-28 23:15:50 +00:00 · a34ea7583f
parent a288ec412f
commit a34ea7583f
2 changed files with 5 additions and 0 deletions
--- a/libcxxabi/src/cxa_demangle.cpp
+++ b/libcxxabi/src/cxa_demangle.cpp
@ -2915,6 +2915,10 @@ base_name(String& s)
            ++p0;
            break;
        }
+        if (!isalpha(*p0) && !isdigit(*p0) && *p0 != '_')
+        {
+            return String();
+        }
    }
    return String(p0, pe);
 }
--- a/libcxxabi/test/test_demangle.pass.cpp
+++ b/libcxxabi/test/test_demangle.pass.cpp
@ -29668,6 +29668,7 @@ const char* invalid_cases[] =
    "\x46\x44\x74\x70\x74\x71\x75\x32\x43\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x34\xD3\x73\x9E\x2A\x37\x72\x33\x8E\x3A\x29\x8E\x44\x35",
    "_ZcvCiIJEEDvT__FFFFT_vT_v",
    "Z1JIJ1_T_EE3o00EUlT_E0",
+    "___Z2i_D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
 };

 const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);