From fa3fcee7b8c73070306ec358e730d1dfcac246bf Mon Sep 17 00:00:00 2001 
From: Nick Clifton Date: Tue, 2 Aug 2016 13:26:28 +0100 Subject: [PATCH] Synchronize libiberty sources with FSF GCC mainline version. include * libiberty.h (MAX_ALLOCA_SIZE): New macro. libiberty * make-relative-prefix.c (make_relative_prefix_1): Fall back to malloc if alloca argument is greater than MAX_ALLOCA_SIZE. * cp-demangle.c (cplus_demangle_operators): Add f[lrLR]. (d_expression_1): Handle them. (d_maybe_print_fold_expression): New. (d_print_comp_inner): Use it. (d_index_template_argument): Handle negative index. * cp-demangle.c (cplus_demangle_operators): Add sP and sZ. (d_print_comp_inner): Handle them. (d_template_args_1): Split out from d_template_args. (d_args_length): New. PR c++/70926 * cplus-dem.c: Handle large values and overflow when demangling length variables. (demangle_template_value_parm): Read only until end of mangled string. (do_hpacc_template_literal): Likewise. (do_type): Handle overflow when demangling array indices. * cp-demangle.c (cplus_demangle_print_callback): Avoid zero-length VLAs. PR c++/70498 * cp-demangle.c (d_expression_1): Formatting fix. * cplus-dem.c (enum type_kind_t): Add tk_rvalue_reference constant. (demangle_template_value_parm): Handle tk_rvalue_reference type kind. (do_type): Support 'O' type id (rvalue references). * testsuite/demangle-expected: Add tests. PR c++/70498 * cp-demangle.c: Parse numbers as integer instead of long to avoid overflow after sanity checks. Include if available. (INT_MAX): Define if necessary. (d_make_template_param): Takes integer argument instead of long. (d_make_function_param): Likewise. (d_append_num): Likewise. (d_identifier): Likewise. (d_number): Parse as and return integer. (d_compact_number): Handle overflow. (d_source_name): Change variable type to integer for parsed number. (d_java_resource): Likewise. (d_special_name): Likewise. (d_discriminator): Likewise. (d_unnamed_type): Likewise. * testsuite/demangle-expected: Add regression test cases. * configure: Remove SH5 support. 
PR c++/69687 * cplus-dem.c: Include if available. (INT_MAX): Define if necessary. (remember_type, remember_Ktype, register_Btype, string_need): Abort if we detect cases where we the size of the allocation would overflow. PR c++/70492 * cplus-dem.c (gnu_special): Handle case where consume_count returns -1. PR c++/67394 PR c++/70481 * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing btypevec/ktypevec. * testsuite/demangle-expected: Add coverage tests. --- include/ChangeLog | 4 + include/libiberty.h | 11 ++ libiberty/ChangeLog | 92 +++++++++++ libiberty/configure | 3 +- libiberty/cp-demangle.c | 213 ++++++++++++++++++++++---- libiberty/cplus-dem.c | 45 +++++- libiberty/make-relative-prefix.c | 11 +- libiberty/testsuite/demangle-expected | 166 ++++++++++++++++++++ 8 files changed, 503 insertions(+), 42 deletions(-) diff --git a/include/ChangeLog b/include/ChangeLog index 673f7571d0a..f48ed0a4188 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -2,6 +2,10 @@ * opcode/ppc.h (PPC_OPCODE_E200Z4): New define. +2016-07-29 Aldy Hernandez + + * libiberty.h (MAX_ALLOCA_SIZE): New macro. + 2016-07-27 Graham Markall * opcode/arc.h: Add ARC_OPERAND_ADDRTYPE, diff --git a/include/libiberty.h b/include/libiberty.h index 8f7d5f64930..5b686ba26b6 100644 --- a/include/libiberty.h +++ b/include/libiberty.h 
@@ -397,6 +397,17 @@ extern void hex_init (void); /* Save files used for communication between processes. */ #define PEX_SAVE_TEMPS 0x4 +/* Max number of alloca bytes per call before we must switch to malloc. + + ?? Swiped from gnulib's regex_internal.h header. Is this actually + the case? This number seems arbitrary, though sane. + + The OS usually guarantees only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + allocate anything larger than 4096 bytes. Also care for the possibility + of a few compiler-allocated temporary stack slots. */ +#define MAX_ALLOCA_SIZE 4032 + /* Prepare to execute one or more programs, with standard output of each program fed to standard input of the next. FLAGS As above. diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog index c55af153a9b..eb966741e96 100644 --- a/libiberty/ChangeLog +++ b/libiberty/ChangeLog 
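Review bot: The comment added above `MAX_ALLOCA_SIZE` ships an unresolved question (`?? ... Is this actually the case?`) in a public header and never says that the bound applies to one call only. The guard-page reasoning it gives covers a single allocation, so cumulative stack use from alloca in a loop or in a recursive function is not limited by this macro. I would replace the question with a sentence along the lines of `This bounds a single alloca call; callers must not rely on it for alloca in loops or recursive functions.`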
@@ -1,7 +1,99 @@ +2016-07-29 Aldy Hernandez + + * make-relative-prefix.c (make_relative_prefix_1): Fall back to + malloc if alloca argument is greater than MAX_ALLOCA_SIZE. + +2016-07-15 Jason Merrill + + * cp-demangle.c (cplus_demangle_operators): Add f[lrLR]. + (d_expression_1): Handle them. + (d_maybe_print_fold_expression): New. + (d_print_comp_inner): Use it. + (d_index_template_argument): Handle negative index. + + * cp-demangle.c (cplus_demangle_operators): Add sP and sZ. + (d_print_comp_inner): Handle them. + (d_template_args_1): Split out from d_template_args. + (d_args_length): New. + +2016-07-13 Marcel BÃhme + + PR c++/70926 + * cplus-dem.c: Handle large values and overflow when demangling + length variables. + (demangle_template_value_parm): Read only until end of mangled string. + (do_hpacc_template_literal): Likewise. + (do_type): Handle overflow when demangling array indices. + +2016-06-12 Brooks Moses + + * cp-demangle.c (cplus_demangle_print_callback): Avoid zero-length + VLAs. + 2016-05-31 Alan Modra * xmemdup.c (xmemdup): Use xmalloc rather than xcalloc. +2016-05-19 Jakub Jelinek + + PR c++/70498 + * cp-demangle.c (d_expression_1): Formatting fix. + +2016-05-18 Artemiy Volkov + + * cplus-dem.c (enum type_kind_t): Add tk_rvalue_reference + constant. + (demangle_template_value_parm): Handle tk_rvalue_reference + type kind. + (do_type): Support 'O' type id (rvalue references). + + * testsuite/demangle-expected: Add tests. + +2016-05-02 Marcel Böhme + + PR c++/70498 + * cp-demangle.c: Parse numbers as integer instead of long to avoid + overflow after sanity checks. Include if available. + (INT_MAX): Define if necessary. + (d_make_template_param): Takes integer argument instead of long. + (d_make_function_param): Likewise. + (d_append_num): Likewise. + (d_identifier): Likewise. + (d_number): Parse as and return integer. + (d_compact_number): Handle overflow. + (d_source_name): Change variable type to integer for parsed number. 
+ (d_java_resource): Likewise. + (d_special_name): Likewise. + (d_discriminator): Likewise. + (d_unnamed_type): Likewise. + * testsuite/demangle-expected: Add regression test cases. + +2016-04-30 Oleg Endo + + * configure: Remove SH5 support. + +2016-04-08 Marcel Böhme + + PR c++/69687 + * cplus-dem.c: Include if available. + (INT_MAX): Define if necessary. + (remember_type, remember_Ktype, register_Btype, string_need): + Abort if we detect cases where we the size of the allocation would + overflow. + + PR c++/70492 + * cplus-dem.c (gnu_special): Handle case where consume_count returns + -1. + +2016-03-31 Mikhail Maltsev + Marcel Bohme + + PR c++/67394 + PR c++/70481 + * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing + btypevec/ktypevec. + * testsuite/demangle-expected: Add coverage tests. + 2016-01-27 Iain Buclaw * d-demangle.c (dlang_call_convention): Handle extern Objective-C diff --git a/libiberty/configure b/libiberty/configure index bde78ffd25d..0f8e9b925e5 100755 --- a/libiberty/configure +++ b/libiberty/configure @@ -5145,8 +5145,7 @@ case "${host}" in PICFLAG=-fpic ;; # FIXME: Simplify to sh*-*-netbsd*? - sh-*-netbsdelf* | shl*-*-netbsdelf* | sh5-*-netbsd* | sh5l*-*-netbsd* | \ - sh64-*-netbsd* | sh64l*-*-netbsd*) + sh-*-netbsdelf* | shl*-*-netbsdelf*) PICFLAG=-fpic ;; # Default to -fPIC unless specified otherwise. diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c index bd64bef8cf7..0c6d71436e3 100644 --- a/libiberty/cp-demangle.c +++ b/libiberty/cp-demangle.c @@ -128,6 +128,13 @@ extern char *alloca (); # endif /* alloca */ #endif /* HAVE_ALLOCA_H */ +#ifdef HAVE_LIMITS_H +#include +#endif +#ifndef INT_MAX +# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */ +#endif + #include "ansidecl.h" #include "libiberty.h" #include "demangle.h" 
@@ -337,7 +344,7 @@ struct d_print_info /* Set to 1 if we saw a demangling error. */ int demangle_failure; /* The current index into any template argument packs we are using - for printing. */ + for printing, or -1 to print the whole pack. */ int pack_index; /* Number of d_print_flush calls so far. */ unsigned long int flush_count; @@ -398,7 +405,7 @@ d_make_dtor (struct d_info *, enum gnu_v3_dtor_kinds, struct demangle_component *); static struct demangle_component * -d_make_template_param (struct d_info *, long); +d_make_template_param (struct d_info *, int); static struct demangle_component * d_make_sub (struct d_info *, const char *, int); @@ -421,9 +428,9 @@ static struct demangle_component *d_unqualified_name (struct d_info *); static struct demangle_component *d_source_name (struct d_info *); -static long d_number (struct d_info *); +static int d_number (struct d_info *); -static struct demangle_component *d_identifier (struct d_info *, long); +static struct demangle_component *d_identifier (struct d_info *, int); static struct demangle_component *d_operator_name (struct d_info *); @@ -459,6 +466,7 @@ static struct demangle_component * d_template_param (struct d_info *); static struct demangle_component *d_template_args (struct d_info *); +static struct demangle_component *d_template_args_1 (struct d_info *); static struct demangle_component * d_template_arg (struct d_info *); @@ -1119,7 +1127,7 @@ d_make_dtor (struct d_info *di, enum gnu_v3_dtor_kinds kind, /* Add a new template parameter. */ static struct demangle_component * -d_make_template_param (struct d_info *di, long i) +d_make_template_param (struct d_info *di, int i) { struct demangle_component *p; @@ -1135,7 +1143,7 @@ d_make_template_param (struct d_info *di, long i) /* Add a new function parameter. */ static struct demangle_component * -d_make_function_param (struct d_info *di, long i) +d_make_function_param (struct d_info *di, int i) { struct demangle_component *p; 
@@ -1620,7 +1628,7 @@ d_unqualified_name (struct d_info *di) static struct demangle_component * d_source_name (struct d_info *di) { - long len; + int len; struct demangle_component *ret; len = d_number (di); @@ -1633,12 +1641,12 @@ d_source_name (struct d_info *di) /* number ::= [n] <(non-negative decimal integer)> */ -static long +static int d_number (struct d_info *di) { int negative; char peek; - long ret; + int ret; negative = 0; peek = d_peek_char (di); @@ -1681,7 +1689,7 @@ d_number_component (struct d_info *di) /* identifier ::= <(unqualified source code identifier)> */ static struct demangle_component * -d_identifier (struct d_info *di, long len) +d_identifier (struct d_info *di, int len) { const char *name; @@ -1702,7 +1710,7 @@ d_identifier (struct d_info *di, long len) /* Look for something which looks like a gcc encoding of an anonymous namespace, and replace it with a more user friendly name. */ - if (len >= (long) ANONYMOUS_NAMESPACE_PREFIX_LEN + 2 + if (len >= (int) ANONYMOUS_NAMESPACE_PREFIX_LEN + 2 && memcmp (name, ANONYMOUS_NAMESPACE_PREFIX, ANONYMOUS_NAMESPACE_PREFIX_LEN) == 0) { @@ -1754,6 +1762,10 @@ const struct demangle_operator_info cplus_demangle_operators[] = { "eO", NL ("^="), 2 }, { "eo", NL ("^"), 2 }, { "eq", NL ("=="), 2 }, + { "fL", NL ("..."), 3 }, + { "fR", NL ("..."), 3 }, + { "fl", NL ("..."), 2 }, + { "fr", NL ("..."), 2 }, { "ge", NL (">="), 2 }, { "gs", NL ("::"), 1 }, { "gt", NL (">"), 2 }, @@ -1788,6 +1800,8 @@ const struct demangle_operator_info cplus_demangle_operators[] = { "rc", NL ("reinterpret_cast"), 2 }, { "rm", NL ("%"), 2 }, { "rs", NL (">>"), 2 }, + { "sP", NL ("sizeof..."), 1 }, + { "sZ", NL ("sizeof..."), 1 }, { "sc", NL ("static_cast"), 2 }, { "st", NL ("sizeof "), 1 }, { "sz", NL ("sizeof "), 1 }, @@ -1870,7 +1884,7 @@ d_java_resource (struct d_info *di) { struct demangle_component *p = NULL; struct demangle_component *next = NULL; - long len, i; + int len, i; char c; const char *str; 
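Review bot: Narrowing `ret` to `int` in d_number means the digit accumulation can overflow after ten decimal digits, and the hunk adds no bound check alongside the type change. The accumulation loop is outside this hunk, so this is inferred: if it still multiplies by ten and adds the digit unguarded, a long digit run in a mangled name is signed overflow, which is undefined behaviour rather than a guaranteed negative result. A test before the multiply, along the lines of `if (ret > (INT_MAX - digit) / 10) return -1;`, would make the callers' range checks reliable. The `len` in d_source_name (previous hunk) and the `int` locals changed in d_java_resource, d_discriminator and d_unnamed_type all take their value from this function.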
@@ -2012,7 +2026,7 @@ d_special_name (struct d_info *di) case 'C': { struct demangle_component *derived_type; - long offset; + int offset; struct demangle_component *base_type; derived_type = cplus_demangle_type (di); @@ -2946,10 +2960,10 @@ d_pointer_to_member_type (struct d_info *di) /* _ */ -static long +static int d_compact_number (struct d_info *di) { - long num; + int num; if (d_peek_char (di) == '_') num = 0; else if (d_peek_char (di) == 'n') @@ -2957,7 +2971,7 @@ d_compact_number (struct d_info *di) else num = d_number (di) + 1; - if (! d_check_char (di, '_')) + if (num < 0 || ! d_check_char (di, '_')) return -1; return num; } @@ -2969,7 +2983,7 @@ d_compact_number (struct d_info *di) static struct demangle_component * d_template_param (struct d_info *di) { - long param; + int param; if (! d_check_char (di, 'T')) return NULL; @@ -2987,6 +3001,19 @@ d_template_param (struct d_info *di) static struct demangle_component * d_template_args (struct d_info *di) +{ + if (d_peek_char (di) != 'I' + && d_peek_char (di) != 'J') + return NULL; + d_advance (di, 1); + + return d_template_args_1 (di); +} + +/* * E */ + +static struct demangle_component * +d_template_args_1 (struct d_info *di) { struct demangle_component *hold_last_name; struct demangle_component *al; @@ -2997,11 +3024,6 @@ d_template_args (struct d_info *di) constructor or destructor. */ hold_last_name = di->last_name; - if (d_peek_char (di) != 'I' - && d_peek_char (di) != 'J') - return NULL; - d_advance (di, 1); - if (d_peek_char (di) == 'E') { /* An argument pack can be empty. */ @@ -3171,9 +3193,10 @@ d_expression_1 (struct d_info *di) } else { - index = d_compact_number (di) + 1; - if (index == 0) + index = d_compact_number (di); + if (index == INT_MAX || index == -1) return NULL; + index++; } return d_make_function_param (di, index); } 
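Review bot: In d_compact_number the new `num < 0` test runs after `num = d_number (di) + 1`, so when d_number returns INT_MAX the addition has already overflowed a signed int and the test depends on wraparound that the compiler may assume cannot happen. The d_expression_1 hunk at the end of this file section does it in the safe order (compare against INT_MAX, then `index++`), and the same shape fits here: `num = d_number (di); if (num < 0 || num == INT_MAX) return -1; num++;`. The assignment line is context in the neighbouring d_compact_number hunk, so the change would span both.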
@@ -3262,6 +3285,8 @@ d_expression_1 (struct d_info *di) if (op->type == DEMANGLE_COMPONENT_CAST && d_check_char (di, '_')) operand = d_exprlist (di, 'E'); + else if (code && !strcmp (code, "sP")) + operand = d_template_args_1 (di); else operand = d_expression_1 (di); @@ -3284,6 +3309,9 @@ d_expression_1 (struct d_info *di) return NULL; if (op_is_new_cast (op)) left = cplus_demangle_type (di); + else if (code[0] == 'f') + /* fold-expression. */ + left = d_operator_name (di); else left = d_expression_1 (di); if (!strcmp (code, "cl")) @@ -3318,6 +3346,13 @@ d_expression_1 (struct d_info *di) second = d_expression_1 (di); third = d_expression_1 (di); } + else if (code[0] == 'f') + { + /* fold-expression. */ + first = d_operator_name (di); + second = d_expression_1 (di); + third = d_expression_1 (di); + } else if (code[0] == 'n') { /* new-expression. */ @@ -3502,7 +3537,7 @@ d_local_name (struct d_info *di) static int d_discriminator (struct d_info *di) { - long discrim; + int discrim; if (d_peek_char (di) != '_') return 1; @@ -3558,7 +3593,7 @@ static struct demangle_component * d_unnamed_type (struct d_info *di) { struct demangle_component *ret; - long num; + int num; if (! d_check_char (di, 'U')) return NULL; @@ -4086,10 +4121,10 @@ d_append_string (struct d_print_info *dpi, const char *s) } static inline void -d_append_num (struct d_print_info *dpi, long l) +d_append_num (struct d_print_info *dpi, int l) { char buf[25]; - sprintf (buf,"%ld", l); + sprintf (buf,"%d", l); d_append_string (dpi, buf); } 
@@ -4120,8 +4155,12 @@ cplus_demangle_print_callback (int options, { #ifdef CP_DYNAMIC_ARRAYS - __extension__ struct d_saved_scope scopes[dpi.num_saved_scopes]; - __extension__ struct d_print_template temps[dpi.num_copy_templates]; + /* Avoid zero-length VLAs, which are prohibited by the C99 standard + and flagged as errors by Address Sanitizer. */ + __extension__ struct d_saved_scope scopes[(dpi.num_saved_scopes > 0) + ? dpi.num_saved_scopes : 1]; + __extension__ struct d_print_template temps[(dpi.num_copy_templates > 0) + ? dpi.num_copy_templates : 1]; dpi.saved_scopes = scopes; dpi.copy_templates = temps; @@ -4171,13 +4210,17 @@ cplus_demangle_print (int options, const struct demangle_component *dc, } /* Returns the I'th element of the template arglist ARGS, or NULL on - failure. */ + failure. If I is negative, return the entire arglist. */ static struct demangle_component * d_index_template_argument (struct demangle_component *args, int i) { struct demangle_component *a; + if (i < 0) + /* Print the whole argument pack. */ + return args; + for (a = args; a != NULL; a = d_right (a)) @@ -4277,6 +4320,30 @@ d_pack_length (const struct demangle_component *dc) return count; } +/* Returns the number of template args in DC, expanding any pack expansions + found there. */ + +static int +d_args_length (struct d_print_info *dpi, const struct demangle_component *dc) +{ + int count = 0; + for (; dc && dc->type == DEMANGLE_COMPONENT_TEMPLATE_ARGLIST; + dc = d_right (dc)) + { + struct demangle_component *elt = d_left (dc); + if (elt == NULL) + break; + if (elt->type == DEMANGLE_COMPONENT_PACK_EXPANSION) + { + struct demangle_component *a = d_find_pack (dpi, d_left (elt)); + count += d_pack_length (a); + } + else + ++count; + } + return count; +} + /* DC is a component of a mangled expression. Print it, wrapped in parens if needed. */ 
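Review bot: The two VLAs in cplus_demangle_print_callback are still sized directly by `dpi.num_saved_scopes` and `dpi.num_copy_templates`; the new ternaries only raise the lower bound to 1. How those counts are computed is outside the hunk, but they appear to be derived from the component tree of the symbol being demangled, so an untrusted mangled name can probably request a stack allocation far above the `MAX_ALLOCA_SIZE` this same commit introduces for alloca. An upper bound with a failure return or a heap fallback ahead of the declarations would match the make_relative_prefix_1 change. At minimum the new comment should state the gap, e.g. `/* NOTE: no upper bound is applied; large counts consume stack. */`.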
@@ -4353,6 +4420,70 @@ d_get_saved_scope (struct d_print_info *dpi, return NULL; } +/* If DC is a C++17 fold-expression, print it and return true; otherwise + return false. */ + +static int +d_maybe_print_fold_expression (struct d_print_info *dpi, int options, + const struct demangle_component *dc) +{ + const struct demangle_component *ops, *operator_, *op1, *op2; + int save_idx; + + const char *fold_code = d_left (dc)->u.s_operator.op->code; + if (fold_code[0] != 'f') + return 0; + + ops = d_right (dc); + operator_ = d_left (ops); + op1 = d_right (ops); + op2 = 0; + if (op1->type == DEMANGLE_COMPONENT_TRINARY_ARG2) + { + op2 = d_right (op1); + op1 = d_left (op1); + } + + /* Print the whole pack. */ + save_idx = dpi->pack_index; + dpi->pack_index = -1; + + switch (fold_code[1]) + { + /* Unary left fold, (... + X). */ + case 'l': + d_append_string (dpi, "(..."); + d_print_expr_op (dpi, options, operator_); + d_print_subexpr (dpi, options, op1); + d_append_char (dpi, ')'); + break; + + /* Unary right fold, (X + ...). */ + case 'r': + d_append_char (dpi, '('); + d_print_subexpr (dpi, options, op1); + d_print_expr_op (dpi, options, operator_); + d_append_string (dpi, "...)"); + break; + + /* Binary left fold, (42 + ... + X). */ + case 'L': + /* Binary right fold, (X + ... + 42). */ + case 'R': + d_append_char (dpi, '('); + d_print_subexpr (dpi, options, op1); + d_print_expr_op (dpi, options, operator_); + d_append_string (dpi, "..."); + d_print_expr_op (dpi, options, operator_); + d_print_subexpr (dpi, options, op2); + d_append_char (dpi, ')'); + break; + } + + dpi->pack_index = save_idx; + return 1; +} + /* Subroutine to handle components. */ static void 
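Review bot: d_maybe_print_fold_expression reads `d_left (dc)->u.s_operator.op->code` on its first statement without checking that the left child is non-NULL and is an operator component, so for any other component type it would interpret a different union member as a pointer. Whether both call sites in d_print_comp_inner already guarantee this is not visible here; a guard such as `if (d_left (dc) == NULL || d_left (dc)->type != DEMANGLE_COMPONENT_OPERATOR) return 0;` makes the helper safe on its own. The `'L'`/`'R'` arm also hands `op2` to d_print_subexpr even when `op1` was not a `DEMANGLE_COMPONENT_TRINARY_ARG2` and `op2` is still 0, and the switch has no default, so an unexpected second letter prints nothing yet returns 1. The header comment could also mention that `dpi->pack_index` is forced to -1 for the duration of the call and restored before returning.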
@@ -5113,6 +5244,21 @@ d_print_comp_inner (struct d_print_info *dpi, int options, } } + /* For sizeof..., just print the pack length. */ + if (code && !strcmp (code, "sZ")) + { + struct demangle_component *a = d_find_pack (dpi, operand); + int len = d_pack_length (a); + d_append_num (dpi, len); + return; + } + else if (code && !strcmp (code, "sP")) + { + int len = d_args_length (dpi, operand); + d_append_num (dpi, len); + return; + } + if (op->type != DEMANGLE_COMPONENT_CAST) d_print_expr_op (dpi, options, op); else @@ -5154,6 +5300,9 @@ d_print_comp_inner (struct d_print_info *dpi, int options, return; } + if (d_maybe_print_fold_expression (dpi, options, dc)) + return; + /* We wrap an expression which uses the greater-than operator in an extra layer of parens so that it does not get confused with the '>' which ends the template parameters. */ @@ -5209,6 +5358,8 @@ d_print_comp_inner (struct d_print_info *dpi, int options, d_print_error (dpi); return; } + if (d_maybe_print_fold_expression (dpi, options, dc)) + return; { struct demangle_component *op = d_left (dc); struct demangle_component *first = d_left (d_right (dc)); diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c index c68b9813de2..3ee2df1c56a 100644 --- a/libiberty/cplus-dem.c +++ b/libiberty/cplus-dem.c @@ -56,6 +56,13 @@ void * malloc (); void * realloc (); #endif +#ifdef HAVE_LIMITS_H +#include +#endif +#ifndef INT_MAX +# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */ +#endif + #include #undef CURRENT_DEMANGLING_STYLE #define CURRENT_DEMANGLING_STYLE work->options @@ -237,6 +244,7 @@ typedef enum type_kind_t tk_none, tk_pointer, tk_reference, + tk_rvalue_reference, tk_integral, tk_bool, tk_char, @@ -1237,11 +1245,13 @@ squangle_mop_up (struct work_stuff *work) { free ((char *) work -> btypevec); work->btypevec = NULL; + work->bsize = 0; } if (work -> ktypevec != NULL) { free ((char *) work -> ktypevec); work->ktypevec = NULL; + work->ksize = 0; } } 
@@ -2033,7 +2043,8 @@ demangle_template_value_parm (struct work_stuff *work, const char **mangled, } else if (tk == tk_real) success = demangle_real_value (work, mangled, s); - else if (tk == tk_pointer || tk == tk_reference) + else if (tk == tk_pointer || tk == tk_reference + || tk == tk_rvalue_reference) { if (**mangled == 'Q') success = demangle_qualified (work, mangled, s, @@ -2042,7 +2053,8 @@ demangle_template_value_parm (struct work_stuff *work, const char **mangled, else { int symbol_len = consume_count (mangled); - if (symbol_len == -1) + if (symbol_len == -1 + || symbol_len > (long) strlen (*mangled)) return -1; if (symbol_len == 0) string_appendn (s, "0", 1); @@ -2999,6 +3011,11 @@ gnu_special (struct work_stuff *work, const char **mangled, string *declp) success = 1; break; } + else if (n == -1) + { + success = 0; + break; + } } else { @@ -3574,6 +3591,14 @@ do_type (struct work_stuff *work, const char **mangled, string *result) tk = tk_reference; break; + /* An rvalue reference type */ + case 'O': + (*mangled)++; + string_prepend (&decl, "&&"); + if (tk == tk_none) + tk = tk_rvalue_reference; + break; + /* An array */ case 'A': { @@ -3597,7 +3622,7 @@ do_type (struct work_stuff *work, const char **mangled, string *result) /* A back reference to a previously seen type */ case 'T': (*mangled)++; - if (!get_count (mangled, &n) || n >= work -> ntypes) + if (!get_count (mangled, &n) || n < 0 || n >= work -> ntypes) { success = 0; } @@ -3631,7 +3656,6 @@ do_type (struct work_stuff *work, const char **mangled, string *result) break; case 'M': - case 'O': { type_quals = TYPE_UNQUALIFIED; @@ -3775,7 +3799,7 @@ do_type (struct work_stuff *work, const char **mangled, string *result) /* A back reference to a previously seen squangled type */ case 'B': (*mangled)++; - if (!get_count (mangled, &n) || n >= work -> numb) + if (!get_count (mangled, &n) || n < 0 || n >= work -> numb) success = 0; else string_append (result, work->btypevec[n]); 
@@ -4116,7 +4140,8 @@ do_hpacc_template_literal (struct work_stuff *work, const char **mangled, literal_len = consume_count (mangled); - if (literal_len <= 0) + if (literal_len <= 0 + || literal_len > (long) strlen (*mangled)) return 0; /* Literal parameters are names of arrays, functions, etc. and the @@ -4254,6 +4279,8 @@ remember_type (struct work_stuff *work, const char *start, int len) } else { + if (work -> typevec_size > INT_MAX / 2) + xmalloc_failed (INT_MAX); work -> typevec_size *= 2; work -> typevec = XRESIZEVEC (char *, work->typevec, work->typevec_size); @@ -4281,6 +4308,8 @@ remember_Ktype (struct work_stuff *work, const char *start, int len) } else { + if (work -> ksize > INT_MAX / 2) + xmalloc_failed (INT_MAX); work -> ksize *= 2; work -> ktypevec = XRESIZEVEC (char *, work->ktypevec, work->ksize); @@ -4310,6 +4339,8 @@ register_Btype (struct work_stuff *work) } else { + if (work -> bsize > INT_MAX / 2) + xmalloc_failed (INT_MAX); work -> bsize *= 2; work -> btypevec = XRESIZEVEC (char *, work->btypevec, work->bsize); @@ -4764,6 +4795,8 @@ string_need (string *s, int n) else if (s->e - s->p < n) { tem = s->p - s->b; + if (n > INT_MAX / 2 - tem) + xmalloc_failed (INT_MAX); n += tem; n *= 2; s->b = XRESIZEVEC (char, s->b, n); diff --git a/libiberty/make-relative-prefix.c b/libiberty/make-relative-prefix.c index fe639d18bd2..fa813998be3 100644 --- a/libiberty/make-relative-prefix.c +++ b/libiberty/make-relative-prefix.c @@ -233,6 +233,7 @@ make_relative_prefix_1 (const char *progname, const char *bin_prefix, int i, n, common; int needed_len; char *ret = NULL, *ptr, *full_progname; + char *alloc_ptr = NULL; if (progname == NULL || bin_prefix == NULL || prefix == NULL) return NULL; 
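Review bot: The `typevec_size > INT_MAX / 2` guard in remember_type keeps the `int` doubling from overflowing, but XRESIZEVEC then has to scale the element count by `sizeof (char *)`, and on a host with a 32-bit `size_t` a count just under INT_MAX would still wrap the byte size. The macro definition is not on this page, so treat that as something to confirm; if it holds, the bound should be `INT_MAX / 2 / (int) sizeof (char *)` or be expressed in `size_t`. The same applies to the `ksize` and `bsize` guards in remember_Ktype and register_Btype in the next two hunks. Separately, `xmalloc_failed (INT_MAX)` reports a size nobody requested and, per the ChangeLog entry, aborts, so a short comment such as `/* Doubling would overflow int; treat as allocation failure. */` would tell the reader why a library routine exits on a malformed symbol.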
@@ -256,7 +257,10 @@ make_relative_prefix_1 (const char *progname, const char *bin_prefix, #ifdef HAVE_HOST_EXECUTABLE_SUFFIX len += strlen (HOST_EXECUTABLE_SUFFIX); #endif - nstore = (char *) alloca (len); + if (len < MAX_ALLOCA_SIZE) + nstore = (char *) alloca (len); + else + alloc_ptr = nstore = (char *) malloc (len); startp = endp = temp; while (1) @@ -312,12 +316,12 @@ make_relative_prefix_1 (const char *progname, const char *bin_prefix, else full_progname = strdup (progname); if (full_progname == NULL) - return NULL; + goto bailout; prog_dirs = split_directories (full_progname, &prog_num); free (full_progname); if (prog_dirs == NULL) - return NULL; + goto bailout; bin_dirs = split_directories (bin_prefix, &bin_num); if (bin_dirs == NULL) @@ -395,6 +399,7 @@ make_relative_prefix_1 (const char *progname, const char *bin_prefix, free_split_directories (prog_dirs); free_split_directories (bin_dirs); free_split_directories (prefix_dirs); + free (alloc_ptr); return ret; } diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected index aebf01b3add..535f2c143ee 100644 --- a/libiberty/testsuite/demangle-expected +++ b/libiberty/testsuite/demangle-expected @@ -31,6 +31,11 @@ ArrowLine::ArrowheadIntersects(Arrowhead *, BoxObj &, Graphic *) ArrowLine::ArrowheadIntersects # --format=gnu --no-params +ArrowheadIntersects__9ArrowLineP9ArrowheadO6BoxObjP7Graphic +ArrowLine::ArrowheadIntersects(Arrowhead *, BoxObj &&, Graphic *) +ArrowLine::ArrowheadIntersects +# +--format=gnu --no-params AtEnd__13ivRubberGroup ivRubberGroup::AtEnd(void) ivRubberGroup::AtEnd @@ -51,6 +56,11 @@ TextCode::CoreConstDecls(ostream &) TextCode::CoreConstDecls # --format=gnu --no-params +CoreConstDecls__8TextCodeO7ostream +TextCode::CoreConstDecls(ostream &&) +TextCode::CoreConstDecls +# +--format=gnu --no-params Detach__8StateVarP12StateVarView StateVar::Detach(StateVarView *) StateVar::Detach 
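Review bot: The `malloc (len)` fallback in make_relative_prefix_1 is not checked, so on allocation failure `nstore` is NULL and the `while (1)` search loop that follows presumably writes through it (the loop body is outside the hunk). The function already reports other failures by returning NULL, so `if (nstore == NULL) return NULL;` directly after the assignment fits. The later hunks route the `full_progname` and `prog_dirs` failures to `bailout` so that `alloc_ptr` is freed; any other early `return` between this allocation and `bailout` lies outside the hunks and should be checked for the same leak.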
@@ -66,21 +76,41 @@ RelateManip::Effect(ivEvent &) RelateManip::Effect # --format=gnu --no-params +Effect__11RelateManipO7ivEvent +RelateManip::Effect(ivEvent &&) +RelateManip::Effect +# +--format=gnu --no-params FindFixed__FRP4CNetP4CNet FindFixed(CNet *&, CNet *) FindFixed # --format=gnu --no-params +FindFixed__FOP4CNetP4CNet +FindFixed(CNet *&&, CNet *) +FindFixed +# +--format=gnu --no-params Fix48_abort__FR8twolongs Fix48_abort(twolongs &) Fix48_abort # --format=gnu --no-params +Fix48_abort__FO8twolongs +Fix48_abort(twolongs &&) +Fix48_abort +# +--format=gnu --no-params GetBarInfo__15iv2_6_VScrollerP13ivPerspectiveRiT2 iv2_6_VScroller::GetBarInfo(ivPerspective *, int &, int &) iv2_6_VScroller::GetBarInfo # --format=gnu --no-params +GetBarInfo__15iv2_6_VScrollerP13ivPerspectiveOiT2 +iv2_6_VScroller::GetBarInfo(ivPerspective *, int &&, int &&) +iv2_6_VScroller::GetBarInfo +# +--format=gnu --no-params GetBgColor__C9ivPainter ivPainter::GetBgColor(void) const ivPainter::GetBgColor @@ -986,11 +1016,21 @@ List::Pix::Pix(List::Pix const &) List::Pix::Pix # --format=gnu --no-params +__Q2t4List1Z10VHDLEntity3PixOCQ2t4List1Z10VHDLEntity3Pix +List::Pix::Pix(List::Pix const &&) +List::Pix::Pix +# +--format=gnu --no-params __Q2t4List1Z10VHDLEntity7elementRC10VHDLEntityPT0 List::element::element(VHDLEntity const &, List::element *) List::element::element # --format=gnu --no-params +__Q2t4List1Z10VHDLEntity7elementOC10VHDLEntityPT0 +List::element::element(VHDLEntity const &&, List::element *) +List::element::element +# +--format=gnu --no-params __Q2t4List1Z10VHDLEntity7elementRCQ2t4List1Z10VHDLEntity7element List::element::element(List::element const &) List::element::element 
@@ -1036,6 +1076,11 @@ PixX >::PixX(PixX >::PixX # --format=gnu --no-params +__t4PixX3Z11VHDLLibraryZ14VHDLLibraryRepZt4List1Z10VHDLEntityOCt4PixX3Z11VHDLLibraryZ14VHDLLibraryRepZt4List1Z10VHDLEntity +PixX >::PixX(PixX > const &&) +PixX >::PixX +# +--format=gnu --no-params nextE__C11VHDLLibraryRt4PixX3Z11VHDLLibraryZ14VHDLLibraryRepZt4List1Z10VHDLEntity VHDLLibrary::nextE(PixX > &) const VHDLLibrary::nextE @@ -1261,6 +1306,11 @@ smanip_int::smanip_int(ios &(*)(ios &, int), int) smanip_int::smanip_int # --format=lucid --no-params +__ct__10smanip_intFPFO3iosi_O3iosi +smanip_int::smanip_int(ios &&(*)(ios &&, int), int) +smanip_int::smanip_int +# +--format=lucid --no-params __ct__11fstreambaseFi fstreambase::fstreambase(int) fstreambase::fstreambase @@ -1281,6 +1331,11 @@ smanip_long::smanip_long(ios &(*)(ios &, long), long) smanip_long::smanip_long # --format=lucid --no-params +__ct__11smanip_longFPFO3iosl_O3iosl +smanip_long::smanip_long(ios &&(*)(ios &&, long), long) +smanip_long::smanip_long +# +--format=lucid --no-params __ct__11stdiostreamFP4FILE stdiostream::stdiostream(FILE *) stdiostream::stdiostream @@ -1321,6 +1376,11 @@ foo::foo(foo &) foo::foo # --format=lucid --no-params +__ct__3fooFO3foo +foo::foo(foo &&) +foo::foo +# +--format=lucid --no-params __ct__3fooFi foo::foo(int) foo::foo @@ -1336,6 +1396,11 @@ foo::foo(int, foo &, int, foo &, int, foo &) foo::foo # --format=lucid --no-params +__ct__3fooFiO3fooT1T2T1T2 +foo::foo(int, foo &&, int, foo &&, int, foo &&) +foo::foo +# +--format=lucid --no-params __ct__3iosFP9streambuf ios::ios(streambuf *) ios::ios @@ -1811,6 +1876,11 @@ foo(int, foo &, int, foo &, int, foo &) foo # --format=lucid --no-params +foo__FiO3fooT1T2T1T2 +foo(int, foo &&, int, foo &&, int, foo &&) +foo +# +--format=lucid --no-params foo___3barFl bar::foo_(long) bar::foo_ 
@@ -2561,6 +2631,11 @@ DListNode::DListNode(RLabel &, DListNode *, DListNode::DListNode # --format=arm --no-params +__ct__25DListNode__pt__9_O6RLabelFO6RLabelP25DListNode__pt__9_O6RLabelT2 +DListNode::DListNode(RLabel &&, DListNode *, DListNode *) +DListNode::DListNode +# +--format=arm --no-params bar__3fooFiT16FooBar foo::bar(int, int, FooBar) foo::bar @@ -2991,6 +3066,11 @@ DListNode::DListNode(RLabel &, DListNode *, DListNode::DListNode # --format=hp --no-params +__ct__9DListNodeXTO6RLabel__FO6RLabelP9DListNodeXTO6RLabel_T2 +DListNode::DListNode(RLabel &&, DListNode *, DListNode *) +DListNode::DListNode +# +--format=hp --no-params elem__6vectorXTiUP34__Fi vector::elem(int) vector::elem @@ -3021,16 +3101,31 @@ vector::elem(int) vector::elem # --format=hp --no-params +elem__6vectorXTiSN67UP4000TOs__Fi +vector::elem(int) +vector::elem +# +--format=hp --no-params elem__6vectorXTiSN67TRdTFPv_i__Fi vector::elem(int) vector::elem # --format=hp --no-params +elem__6vectorXTiSN67TOdTFPv_i__Fi +vector::elem(int) +vector::elem +# +--format=hp --no-params X__6vectorXTiSN67TdTPvUP5TRs vector::X vector::X # --format=hp --no-params +X__6vectorXTiSN67TdTPvUP5TOs +vector::X +vector::X +# +--format=hp --no-params elem__6vectorXTiA3foo__Fi vector::elem(int) vector::elem @@ -3071,6 +3166,11 @@ Spec::spec(int *) Spec::spec # --format=hp --no-params +spec__17Spec<#1,#1.&&,#1>XTiTOiTi_FPi +Spec::spec(int *) +Spec::spec +# +--format=hp --no-params add__XTc_FcT1 add(char, char) add @@ -3101,6 +3201,11 @@ C call(Test &) C call # --format=gnu --no-params +call__H1Z4Test_OX01_t1C2ZX01PMX01FPX01i_vQ2X016output +C call(Test &&) +C call +# +--format=gnu --no-params fn__FPQ21n1cPMQ21n1cFPQ21n1c_i fn(n::c *, int (n::c::*)(n::c *)) fn @@ -3126,6 +3231,11 @@ int foo > >(TA >) int foo > > # --format=gnu --no-params +foo__H1Zt2TA2ZOCiZt2NA1Ui9_X01_i +int foo > >(TA >) +int foo > > +# +--format=gnu --no-params foo__H1Zt2TA2ZcZt2NA1Ui20_X01_i int foo > >(TA >) int foo 
> > @@ -3402,6 +3512,11 @@ int* const volatile restrict _far _Z3fooILi2EEvRAplT_Li1E_i void foo<2>(int (&) [(2)+(1)]) foo<2> +# +--format=gnu-v3 --no-params +_Z3fooILi2EEvOAplT_Li1E_i +void foo<2>(int (&&) [(2)+(1)]) +foo<2> # --format=gnu-v3 --no-params _Z1fM1AKFvvE @@ -4421,3 +4536,54 @@ void baz(A*) --format=gnu-v3 _Z3fooI1FEN1XIXszdtcl1PclcvT__EEE5arrayEE4TypeEv X::Type foo() + +_Z1fIJidEEv1AIXsZT_EE +void f(A<2>) + +_ZN1A1fIJiiEiJiiiEEEvRAsPDpT_T0_DpT1_E_iS3_S5_ +void A::f(int (&) [6], int, int, int, int) + +_Z10unary_leftIJLi1ELi2ELi3EEEv1AIXflplT_EE +void unary_left<1, 2, 3>(A<(...+(1, 2, 3))>) + +_Z11unary_rightIJLi1ELi2ELi3EEEv1AIXfrplT_EE +void unary_right<1, 2, 3>(A<((1, 2, 3)+...)>) + +_Z11binary_leftIJLi1ELi2ELi3EEEv1AIXfLplLi42ET_EE +void binary_left<1, 2, 3>(A<((42)+...+(1, 2, 3))>) + +_Z12binary_rightIJLi1ELi2ELi3EEEv1AIXfRplT_Li42EEE +void binary_right<1, 2, 3>(A<((1, 2, 3)+...+(42))>) +# +# Tests a use-after-free problem PR70481 + +_Q.__0 +::Q.(void) +# +# Tests a use-after-free problem PR70481 + +_Q10-__9cafebabe. +cafebabe.::-(void) +# +# Tests integer overflow problem PR70492 + +__vt_90000000000cafebabe +__vt_90000000000cafebabe +# +# Tests write access violation PR70498 + +_Z80800000000000000000000 +_Z80800000000000000000000 +# +# Tests write access violation PR70926 + +0__Ot2m02R5T0000500000 +0__Ot2m02R5T0000500000 +# + +0__GT50000000000_ +0__GT50000000000_ +# + +__t2m05B500000000000000000_ +__t2m05B500000000000000000_ -- 2.30.2