aboutsummaryrefslogtreecommitdiff
path: root/libiberty/testsuite
diff options
context:
space:
mode:
authorMikhail Maltsev <maltsevm@gmail.com>2015-07-13 05:49:54 +0000
committerMikhail Maltsev <miyuki@gcc.gnu.org>2015-07-13 05:49:54 +0000
commit76d96a5a6f6f0b14967c10166b1577c2bc034d13 (patch)
treeabb02fde610b3ae8f28505f343d0f245d8bab088 /libiberty/testsuite
parent026c3cfd5e92e7f358290921984b57e1b433e658 (diff)
downloadgcc-76d96a5a6f6f0b14967c10166b1577c2bc034d13.zip
gcc-76d96a5a6f6f0b14967c10166b1577c2bc034d13.tar.gz
gcc-76d96a5a6f6f0b14967c10166b1577c2bc034d13.tar.bz2
Fix several crashes of C++ demangler on fuzzed input.
libiberty/ * cp-demangle.c (d_dump): Fix syntax error. (d_identifier): Adjust type of len to match d_source_name. (d_expression_1): Fix out-of-bounds access. Check code variable for NULL before dereferencing it. (d_find_pack): Do not recurse for FIXED_TYPE, DEFAULT_ARG and NUMBER. (d_print_comp_inner): Add NULL pointer check. * cp-demangle.h (d_peek_next_char): Define as inline function when CHECK_DEMANGLER is defined. (d_advance): Likewise. * testsuite/demangle-expected: Add new testcases. From-SVN: r225727
Diffstat (limited to 'libiberty/testsuite')
-rw-r--r--libiberty/testsuite/demangle-expected30
1 files changed, 30 insertions, 0 deletions
diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected
index 6ea64ae..4c6359e 100644
--- a/libiberty/testsuite/demangle-expected
+++ b/libiberty/testsuite/demangle-expected
@@ -4091,6 +4091,36 @@ void g<1>(A<1>&, B<static_cast<bool>(1)>&)
_ZNKSt7complexIiE4realB5cxx11Ev
std::complex<int>::real[abi:cxx11]() const
#
+# Some more crashes revealed by fuzz-testing:
+# Check for NULL pointer when demangling trinary operators
+--format=gnu-v3
+_Z1fAv32_f
+_Z1fAv32_f
+# Do not overflow when decoding identifier length
+--format=gnu-v3
+_Z11111111111
+_Z11111111111
+# Check out-of-bounds access when decoding braced initializer list
+--format=gnu-v3
+_ZDTtl
+_ZDTtl
+# Check for NULL pointer when demangling DEMANGLE_COMPONENT_LOCAL_NAME
+--format=gnu-v3
+_ZZN1fEEd_lEv
+_ZZN1fEEd_lEv
+# Handle DEMANGLE_COMPONENT_FIXED_TYPE in d_find_pack
+--format=gnu-v3
+_Z1fDpDFT_
+_Z1fDpDFT_
+# Likewise, DEMANGLE_COMPONENT_DEFAULT_ARG
+--format=gnu-v3
+_Z1fIDpZ1fEd_E
+_Z1fIDpZ1fEd_E
+# Likewise, DEMANGLE_COMPONENT_NUMBER
+--format=gnu-v3
+_Z1fDpDv1_c
+f((char __vector(1))...)
+#
# Ada (GNAT) tests.
#
# Simple test.