From 2d3392bd42e16b5c8894c357f250dbde245e96fe Mon Sep 17 00:00:00 2001
From: Iain Buclaw <ibuclaw@gdcproject.org>
Date: Sun, 25 Jun 2017 11:39:05 +0200
Subject: Sync libiberty with upstream GCC.

libiberty/ChangeLog:

	PR demangler/80513
	* cp-demangle.c (d_number): Check for overflow.
	* cplus-dem.c (consume_count): Fix overflow check.
	(gnu_special): Check for underscore after thunk delta.
	* testsuite/demangle-expected: Add tests for overflows and invalid
	characters in thunks.

	* cp-demangle.c (MAX_RECURSION_COUNT): New constant.
	(struct d_print_info): Add recursion field.
	(d_print_init): Initialize recursion.
	(d_print_comp): Check and update d_print_info recursion depth.

	* cp-demangle.c (d_substitution): Return NULL if d_add_substitution
	fails.

	* cp-demangle.h (struct d_info): Remove did_subs field.
	* cp-demangle.c (struct d_info_checkpoint): Likewise.
	(d_template_param): Don't update did_subs.
	(d_substitution): Likewise.
	(d_checkpoint): Don't assign did_subs.
	(d_backtrack): Likewise.
	(cplus_demangle_init_info): Don't initialize did_subs.
---
 libiberty/cplus-dem.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

(limited to 'libiberty/cplus-dem.c')

diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
index a990e07..81c17a3 100644
--- a/libiberty/cplus-dem.c
+++ b/libiberty/cplus-dem.c
@@ -520,21 +520,17 @@ consume_count (const char **type)
 
   while (ISDIGIT ((unsigned char)**type))
     {
-      count *= 10;
-
-      /* Check for overflow.
-	 We assume that count is represented using two's-complement;
-	 no power of two is divisible by ten, so if an overflow occurs
-	 when multiplying by ten, the result will not be a multiple of
-	 ten.  */
-      if ((count % 10) != 0)
+      const int digit = **type - '0';
+      /* Check for overflow.  */
+      if (count > ((INT_MAX - digit) / 10))
 	{
 	  while (ISDIGIT ((unsigned char) **type))
 	    (*type)++;
 	  return -1;
 	}
 
-      count += **type - '0';
+      count *= 10;
+      count += digit;
       (*type)++;
     }
 
@@ -3173,6 +3169,8 @@ gnu_special (struct work_stuff *work, const char **mangled, string *declp)
       delta = consume_count (mangled);
       if (delta == -1)
 	success = 0;
+      else if (**mangled != '_')
+        success = 0;
       else
 	{
 	  char *method = internal_cplus_demangle (work, ++*mangled);
-- 
cgit v1.1