Google Git
Sign in
llvm / llvm / 1d7046374b1a3e4db933eb90cca46c2f60c52bcd^! / .
commit1d7046374b1a3e4db933eb90cca46c2f60c52bcd[log] [tgz]
authorNico Weber <nicolasweber@gmx.de>Tue Apr 16 14:10:34 2019 +0000
committerNico Weber <nicolasweber@gmx.de>Tue Apr 16 14:10:34 2019 +0000
tree42e3d29a8774c4c81ffc2b775da710acdbb388c1
parent82dee4839755bf02b6366be4528a76b2d4f44be9 [diff]
llvm-undname: Fix nullptr deref on invalid structor names in template args

Similar to r358421: A StructorIndentifierNode has a Class field which
is read when printing it, but if the StructorIndentifierNode appears in
a template argument then demangleFullyQualifiedSymbolName() which sets
Class isn't called. Since StructorIndentifierNodes are always leaf
names, we can just reject them as well.

Found by oss-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358491 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Demangle/MicrosoftDemangle.cpp b/lib/Demangle/MicrosoftDemangle.cpp
index c3bdfa2..49cfcde 100644
--- a/lib/Demangle/MicrosoftDemangle.cpp
+++ b/lib/Demangle/MicrosoftDemangle.cpp

@@ -949,9 +949,10 @@
 
   if (NBB & NBB_Template) {
     // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
-    // A conversion operator only makes sense in a leaf name , so reject it in
-    // NBB_Template contexts.
-    if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
+    // Structors and conversion operators only makes sense in a leaf name, so
+    // reject them in NBB_Template contexts.
+    if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier ||
+        Identifier->kind() == NodeKind::StructorIdentifier) {
       Error = true;
       return nullptr;
     }

diff --git a/test/Demangle/invalid-manglings.test b/test/Demangle/invalid-manglings.test
index dcfc99f..84c2b32 100644
--- a/test/Demangle/invalid-manglings.test
+++ b/test/Demangle/invalid-manglings.test

@@ -134,3 +134,8 @@
 ; CHECK-EMPTY:
 ; CHECK-NEXT: ?foo@?$?BH@@QAEHXZ
 ; CHECK-NEXT: error: Invalid mangled name
+
+?foo@?$?0H@
+; CHECK-EMPTY:
+; CHECK-NEXT: ?foo@?$?0H@
+; CHECK-NEXT: error: Invalid mangled name