FreeChainXenon/gcc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libiberty: Limit demangler maximum d_print_comp recursion call depth.

Browse source 
The fix for PR demangler/70909 and 67264 (endless demangler recursion)
catches when a demangle_component is printed in a cycle. But that doesn't
protect the call stack blowing up from non-cyclic nested types printed
recursively through d_print_comp. This can happen by a (very) long mangled
string that simply creates a very deep pointer or qualifier chain. Limit
the recursive d_print_comp call depth for a d_print_info to 1K nested
types.

libiberty/ChangeLog:

        * cp-demangle.c (MAX_RECURSION_COUNT): New constant.
        (struct d_print_info): Add recursion field.
        (d_print_init): Initialize recursion.
        (d_print_comp): Check and update d_print_info recursion depth.

From-SVN: r247056
This commit is contained in:
Mark Wielaard 2017-04-21 09:02:03 +00:00 committed by Mark Wielaard
parent 13b6ef76dc
commit 6b086d35b7
2 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
libiberty/ChangeLog
View file

@ -1,3 +1,10 @@
2017-04-21 Mark Wielaard <mark@klomp.org>
* cp-demangle.c (MAX_RECURSION_COUNT): New constant.
(struct d_print_info): Add recursion field.
(d_print_init): Initialize recursion.
(d_print_comp): Check and update d_print_info recursion depth.
2017-04-21 Mark Wielaard <mark@klomp.org>
* cp-demangle.c (d_substitution): Return NULL if d_add_substitution

15
libiberty/cp-demangle.c
View file

@ -319,6 +319,9 @@ struct d_info_checkpoint
int expansion;
};
/* Maximum number of times d_print_comp may be called recursively. */
#define MAX_RECURSION_COUNT 1024
enum { D_PRINT_BUFFER_LENGTH = 256 };
struct d_print_info
{
@ -341,6 +344,9 @@ struct d_print_info
struct d_print_mod *modifiers;
/* Set to 1 if we saw a demangling error. */
int demangle_failure;
/* Number of times d_print_comp was recursively called. Should not
be bigger than MAX_RECURSION_COUNT. */
int recursion;
/* Non-zero if we're printing a lambda argument. A template
parameter reference actually means 'auto'. */
int is_lambda_arg;
@ -4151,6 +4157,7 @@ d_print_init (struct d_print_info *dpi, demangle_callbackref callback,
dpi->opaque = opaque;
dpi->demangle_failure = 0;
dpi->recursion = 0;
dpi->is_lambda_arg = 0;
dpi->component_stack = NULL;
@ -5685,13 +5692,14 @@ d_print_comp (struct d_print_info *dpi, int options,
struct demangle_component *dc)
{
struct d_component_stack self;
if (dc == NULL || dc->d_printing > 1)
if (dc == NULL || dc->d_printing > 1 || dpi->recursion > MAX_RECURSION_COUNT)
{
d_print_error (dpi);
return;
}
else
dc->d_printing++;
dc->d_printing++;
dpi->recursion++;
self.dc = dc;
self.parent = dpi->component_stack;
@ -5701,6 +5709,7 @@ d_print_comp (struct d_print_info *dpi, int options,
dpi->component_stack = self.parent;
dc->d_printing--;
dpi->recursion--;
}
/* Print a Java dentifier. For Java we try to handle encoded extended