From: Marcel Böhme
Subject: Fix for PR70492
Message-Id: <05677D74-68F2-4F24-843D-650106E31FDD@gmail.com>
Date: Fri, 1 Apr 2016 11:03:52 +0800
To: gcc-patches@gcc.gnu.org

Hi,

This fixes the invalid write of size 8 detailed in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492

Handle the special case when consume_count returns -1 due to an integer overflow when parsing the length of the virtual table qualifier in cplus-dem.c:2994 (gnu_special).

Index: libiberty/cplus-dem.c =================================================================== --- libiberty/cplus-dem.c (revision 234663) +++ libiberty/cplus-dem.c (working copy) @@ -3001,6 +3001,11 @@ gnu_special (work, mangled, declp) success = 1; break; } + else if (n == -1) + { + success = 0; + break; + } } else {
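
Review bot: The added "else if (n == -1)" branch in gnu_special is only reached when the preceding condition, which is not visible in this hunk, is false, so the fix depends on that earlier test never being true for n == -1. Checking the consume_count result for -1 directly after the call, before n is used for anything else, would make the rejection independent of the earlier branch. The branch also has no comment saying that -1 is the overflow result of consume_count; that reasoning currently lives only in the mail text, and a one-line comment above "success = 0;" would keep it with the code. The submission carries no ChangeLog entry and no testcase for the PR70492 input.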