From patchwork Fri Jan 11 00:17:52 2019
X-Patchwork-Submitter: Ben L
X-Patchwork-Id: 1023288
From: Ben L
To: "gcc-patches@gcc.gnu.org"
Subject: [PATCH 06/10] libiberty: Correctly handle error result in dlang_parse_arrayliteral()
Date: Fri, 11 Jan 2019 00:17:52 +0000

Hi all,

First time emailing gcc-patches, so I'm sorry if I get any of this wrong or if there's obvious errors repeated in my patches.

AFAICT I should be sending each change individually rather than as one bulk patch, so I'm sorry about the spam too.

All of these changes were found by fuzzing libiberty's demanglers over the past week, and I have at least one more that it's currently crashing out on but I haven't had time to look into why yet.

Obviously since this is my first time emailing I don't have write access to commit any of these, so if any are approved then I'd be grateful if you can commit them too.

Thanks,
Ben
---
The number of elements were being taken as valid and for each one a separator was appended to the output, resulting in a huge memory bloat before crashing later on due to a signed integer overflow.

* d-demangle.c (dlang_parse_arrayliteral): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.

From 8eca61f41b70891f4e2c456c4a12c06d3b4f3a3f Mon Sep 17 00:00:00 2001
From: bobsayshilol
Date: Wed, 9 Jan 2019 22:33:27 +0000
Subject: [PATCH 06/10] libiberty: Correctly handle error result in dlang_parse_arrayliteral().

The number of elements were being taken as valid and for each one a separator was appended to the output, resulting in a huge memory bloat before crashing later on due to a signed integer overflow.

* d-demangle.c (dlang_parse_arrayliteral): Correctly handle error result.
* testsuite/d-demangle-expected: Add testcase.

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c index 114d9e0..303d2ee 100644 --- a/libiberty/d-demangle.c +++ b/libiberty/d-demangle.c 
@@ -1191,6 +1191,9 @@ dlang_parse_arrayliteral (string *decl, const char *mangled) while (elements--) { mangled = dlang_value (decl, mangled, NULL, '\0'); + if (mangled == NULL) + return NULL; + if (elements != 0) string_append (decl, ", "); } diff --git a/libiberty/testsuite/d-demangle-expected b/libiberty/testsuite/d-demangle-expected index 9988238..19665f5 100644 --- a/libiberty/testsuite/d-demangle-expected +++ b/libiberty/testsuite/d-demangle-expected @@ -1310,3 +1310,7 @@ core.demangle.mangle!(void*() function).mangle(const(char)[], char[]).DotSplitte --format=dlang _D8__T2fnVa8888888888888_ _D8__T2fnVa8888888888888_ +# Could crash +--format=dlang +_D5__T2fnVmA1A1A911111111D +_D5__T2fnVmA1A1A911111111D -- 2.20.1
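Review bot: In the d-demangle.c hunk, the new `if (mangled == NULL) return NULL;` inside the `while (elements--)` loop returns after earlier iterations may already have appended element text and ", " separators to `decl`, so the caller has to treat a NULL return as invalidating the partially built string. A one-line comment above the check saying that `decl` is left incomplete on failure would make that contract explicit. The hunk only covers dlang_parse_arrayliteral; any other loop in this file that calls dlang_value a parsed number of times and appends a separator deserves the same check, which these lines do not show.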
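Review bot: In the d-demangle-expected hunk, the `# Could crash` comment above `_D5__T2fnVmA1A1A911111111D` does not say what the case exercises. Wording that ties it to the commit message, for example that an array literal's element count is not backed by parseable elements, would tell a later reader why the expected output is the unchanged input symbol and which code path regressed if the test ever fails.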