aboutsummaryrefslogtreecommitdiff
path: root/libiberty/ChangeLog
diff options
context:
space:
mode:
authorMark Wielaard <mark@klomp.org>2016-11-15 19:31:50 +0000
committerMark Wielaard <mark@klomp.org>2016-11-18 11:06:18 +0100
commit1706852c3c6c1d39f949c933d37647d02509b9cb (patch)
treec5b36324ccb38e94d7c63d06b677cf68ca562b1f /libiberty/ChangeLog
parent59d2699cfd30f9defc454be17415c0a518ece32b (diff)
downloadgdb-1706852c3c6c1d39f949c933d37647d02509b9cb.zip
gdb-1706852c3c6c1d39f949c933d37647d02509b9cb.tar.gz
gdb-1706852c3c6c1d39f949c933d37647d02509b9cb.tar.bz2
libiberty: Fix some demangler crashes caused by reading past end of input.
In various situations the cplus_demangle () function could read past the end of input causing crashes. Add checks in various places to not advance the demangle string location and fail early when end of string is reached. Add various examples of input strings to the testsuite that would crash test-demangle before the fixes. Found by using the American Fuzzy Lop (afl) fuzzer. libiberty/ChangeLog: * cplus-dem.c (demangle_signature): After 'H', template function, no success and don't advance position if end of string reached. (demangle_template): After 'z', template name, return zero on premature end of string. (gnu_special): Guard strchr against searching for zero characters. (do_type): If member, only advance mangled string when 'F' found. * testsuite/demangle-expected: Add examples of strings that could crash the demangler by reading past end of input.
Diffstat (limited to 'libiberty/ChangeLog')
-rw-r--r--libiberty/ChangeLog11
1 files changed, 11 insertions, 0 deletions
diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index d0c5595..ea12ba2 100644
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,14 @@
+2016-11-14 Mark Wielaard <mark@klomp.org>
+
+ * cplus-dem.c (demangle_signature): After 'H', template function,
+ no success and don't advance position if end of string reached.
+ (demangle_template): After 'z', template name, return zero on
+ premature end of string.
+ (gnu_special): Guard strchr against searching for zero characters.
+ (do_type): If member, only advance mangled string when 'F' found.
+ * testsuite/demangle-expected: Add examples of strings that could
+ crash the demangler by reading past end of input.
+
2016-11-06 Mark Wielaard <mark@klomp.org>
* configure.ac (ac_libiberty_warn_cflags): Add -Wshadow=local.