From 28a4d0b9810062c4ee291768f34b717bda4168a1 Mon Sep 17 00:00:00 2001
From: Erik Pilkington <erik.pilkington@gmail.com>
Date: Thu, 13 Jul 2017 19:37:37 +0000
Subject: [demangler] Respect try_to_parse_template_args

Fixes an exponential parse found by oss-fuzz.

llvm-svn: 307941
---
 libcxxabi/src/cxa_demangle.cpp        | 23 +++++++++++++----------
 libcxxabi/test/test_demangle.pass.cpp |  1 +
 2 files changed, 14 insertions(+), 10 deletions(-)

(limited to 'libcxxabi')

diff --git a/libcxxabi/src/cxa_demangle.cpp b/libcxxabi/src/cxa_demangle.cpp
index 355ba66..16aae0c 100644
--- a/libcxxabi/src/cxa_demangle.cpp
+++ b/libcxxabi/src/cxa_demangle.cpp
@@ -2364,17 +2364,20 @@ parse_type(const char* first, const char* last, Db& db)
                                 first = t;
                                 // Parsed a substitution.  If the substitution is a
                                 //  <template-param> it might be followed by <template-args>.
-                                t = parse_template_args(first, last, db);
-                                if (t != first)
+                                if (db.try_to_parse_template_args)
                                 {
-                                    if (db.names.size() < 2)
-                                        return first;
-                                    auto template_args = db.names.back().move_full();
-                                    db.names.pop_back();
-                                    db.names.back().first += template_args;
-                                    // Need to create substitution for <template-template-param> <template-args>
-                                    db.subs.push_back(Db::sub_type(1, db.names.back(), db.names.get_allocator()));
-                                    first = t;
+                                    t = parse_template_args(first, last, db);
+                                    if (t != first)
+                                    {
+                                        if (db.names.size() < 2)
+                                            return first;
+                                        auto template_args = db.names.back().move_full();
+                                        db.names.pop_back();
+                                        db.names.back().first += template_args;
+                                        // Need to create substitution for <template-template-param> <template-args>
+                                        db.subs.push_back(Db::sub_type(1, db.names.back(), db.names.get_allocator()));
+                                        first = t;
+                                    }
                                 }
                             }
                         }
diff --git a/libcxxabi/test/test_demangle.pass.cpp b/libcxxabi/test/test_demangle.pass.cpp
index 451f5f9..3276e1c 100644
--- a/libcxxabi/test/test_demangle.pass.cpp
+++ b/libcxxabi/test/test_demangle.pass.cpp
@@ -29669,6 +29669,7 @@ const char* invalid_cases[] =
     "_ZcvCiIJEEDvT__FFFFT_vT_v",
     "Z1JIJ1_T_EE3o00EUlT_E0",
     "___Z2i_D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
+    "ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_Dv_Dv_Dv_Dv_dZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_ZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIZcvSdIDv_Dv_Dv_Dv_Dv_d",
 };
 
 const unsigned NI = sizeof(invalid_cases) / sizeof(invalid_cases[0]);
-- 
cgit v1.1