[demangler] Fix an oss-fuzz bug from r338138
Stack overflow on invalid input. While collapsing references, we were skipping over a
cycle check in ForwardTemplateReference leading to a stack overflow. This commit
fixes the problem by duplicating the cycle check in ReferenceType.
git-svn-id: https://llvm.org/svn/llvm-project/libcxxabi/trunk@338190 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/src/cxa_demangle.cpp b/src/cxa_demangle.cpp
index 08a2b2b..1007d7e 100644
--- a/src/cxa_demangle.cpp
+++ b/src/cxa_demangle.cpp
@@ -461,6 +461,8 @@
const Node *Pointee;
ReferenceKind RK;
+ mutable bool Printing = false;
+
// Dig through any refs to refs, collapsing the ReferenceTypes as we go. The
// rule here is rvalue ref to rvalue ref collapses to a rvalue ref, and any
// other combination collapses to a lvalue ref.
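Review bot: The new `Printing` member has no comment, and as a `mutable` flag on a node that is printed through const methods its purpose is not obvious from the declaration. I would add `// True while printLeft/printRight is active on this node; breaks cycles that only invalid input can create.` above it. Because the flag is per-node state written during printing, printing the same tree from two threads at once would presumably race on it. If printing is meant to be non-reentrant, a sentence stating that contract would help.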
@@ -487,6 +489,9 @@
}
void printLeft(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
Collapsed.second->printLeft(s);
if (Collapsed.second->hasArray(s))
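Review bot: The guard in printLeft is set before `collapse(s)` runs, so it stops re-entry into this node's print methods but does nothing for the traversal inside collapse itself. collapse's body is outside this hunk. Going by its comment it digs through refs to refs, and if that walk is a loop rather than recursion, a chain of ReferenceTypes that leads back to itself may spin there instead of overflowing the stack. It is worth confirming that collapse has its own visited check or step bound, and covering that case in the regression tests alongside the oss-fuzz input. The same applies to the identical guard in printRight in the next hunk.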
@@ -497,6 +502,9 @@
s += (Collapsed.first == ReferenceKind::LValue ? "&" : "&&");
}
void printRight(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
if (Collapsed.second->hasArray(s) || Collapsed.second->hasFunction(s))
s += ")";
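Review bot: The early `return` when `Printing` is already set ends printRight without any output or error, so a cyclic (invalid) mangled name appears to yield a truncated but otherwise normal-looking string; printLeft in the previous hunk behaves the same way. Whether the caller can still report failure is not visible here. If it cannot, consider recording the condition so the demangle call can return an invalid-name status, and at minimum document the choice with `// Cycle on invalid input: print nothing rather than recurse.` above the check. printRight's body continues past the end of this hunk.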