[demangler] Fix a exponential string copying bug

The problem was that if base_name() was called from a context without
an actual base name, it could gulp up the entire string, which can
result in recursive duplications. The fix is to be more strict as to
what qualifies as a base name.

Differential revision: https://reviews.llvm.org/D33637

llvm-svn: 304113

2 files changed, 5 insertions, 0 deletions

diff --git a/libcxxabi/src/cxa_demangle.cpp b/libcxxabi/src/cxa_demangle.cpp
index d8734fb..3707dca 100644
--- a/libcxxabi/src/cxa_demangle.cpp
+++ b/libcxxabi/src/cxa_demangle.cpp
@@ -2915,6 +2915,10 @@ base_name(String& s)
             ++p0;
             break;
         }
+        if (!isalpha(*p0) && !isdigit(*p0) && *p0 != '_')
+        {
+            return String();
+        }
     }
     return String(p0, pe);
 }
diff --git a/libcxxabi/test/test_demangle.pass.cpp b/libcxxabi/test/test_demangle.pass.cpp
index 9e4a008..451f5f9 100644
--- a/libcxxabi/test/test_demangle.pass.cpp
+++ b/libcxxabi/test/test_demangle.pass.cpp
@@ -29668,6 +29668,7 @@ const char* invalid_cases[] =
     "\x46\x44\x74\x70\x74\x71\x75\x32\x43\x41\x72\x4D\x6E\x65\x34\x9F\xC1\x43\x41\x72\x4D\x6E\x77\x38\x9A\x8E\x44\x6F\x64\x6C\x53\xF9\x5F\x70\x74\x70\x69\x45\x34\xD3\x73\x9E\x2A\x37\x72\x33\x8E\x3A\x29\x8E\x44\x35",
     "_ZcvCiIJEEDvT__FFFFT_vT_v",
     "Z1JIJ1_T_EE3o00EUlT_E0",
+    "___Z2i_D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
 };
 
 const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);