diff mbox series

libiberty: prevent null dereferencing on dlang_type

Message ID 9a6bd69b680ed6c5dc6eaeb97e6994b6be5721e6.camel@lsferreira.net
State Committed
Commit b3585c0836e729bed56b9afd4292177673a25ca0
Headers
Series libiberty: prevent null dereferencing on dlang_type |

Commit Message

Luís Ferreira Sept. 22, 2021, 1:31 a.m. UTC 
  This patch prevents dereferencing a null reference on a crafted
malformed magled name, often causing SIGSEGV to be raised.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
---
 libiberty/d-demangle.c                  | 2 +-
 libiberty/testsuite/d-demangle-expected | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

Comments

Li, Pan2 via Gcc-patches Sept. 23, 2021, 10:17 a.m. UTC | #1 
> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
> 
>  
> This patch prevents dereferencing a null reference on a crafted
> malformed magled name, often causing SIGSEGV to be raised.
> 

OK, seems reasonable to me.

> Signed-off-by: Luís Ferreira <contact@lsferreira.net>
> ---
>  libiberty/d-demangle.c                  | 2 +-
>  libiberty/testsuite/d-demangle-expected | 5 ++++-
>  2 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
> index a2152cc65518..469398261994 100644
> --- a/libiberty/d-demangle.c
> +++ b/libiberty/d-demangle.c
> @@ -875,7 +875,7 @@ dlang_type (string *decl, const char *mangled,
> struct dlang_info *info)
>        szmods = string_length (&mods);
>  
>        /* Back referenced function type.  */
> -      if (*mangled == 'Q')
> +      if (mangled && *mangled == 'Q')
>  	mangled = dlang_type_backref (decl, mangled, info, 1);
>        else
>  	mangled = dlang_function_type (decl, mangled, info);
> diff --git a/libiberty/testsuite/d-demangle-expected
> b/libiberty/testsuite/d-demangle-expected
> index c35185c3e1e3..799f4724b72e 100644
> --- a/libiberty/testsuite/d-demangle-expected
> +++ b/libiberty/testsuite/d-demangle-expected
> @@ -991,11 +991,14 @@ _D88
>  _D5__T1aZv
>  _D5__T1aZv
>  #
> ---format=dlang
>  _D00
>  _D00
>  #
>  --format=dlang
> +_D01_D
> +_D01_D
> +#
> +--format=dlang
>  _D9223372036854775817
>  _D9223372036854775817
>  #
Jeff Law Sept. 23, 2021, 3:55 p.m. UTC | #2 
On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
>> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
>>
>>   
>> This patch prevents dereferencing a null reference on a crafted
>> malformed magled name, often causing SIGSEGV to be raised.
>>
> OK, seems reasonable to me.
I pushed this to the trunk.

Thanks,
jeff
H.J. Lu Oct. 1, 2021, 2:23 p.m. UTC | #3 
On Thu, Sep 23, 2021 at 8:55 AM Jeff Law via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
>
>
> On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
> >> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
> >>
> >>
> >> This patch prevents dereferencing a null reference on a crafted
> >> malformed magled name, often causing SIGSEGV to be raised.
> >>
> > OK, seems reasonable to me.
> I pushed this to the trunk.
>
> Thanks,
> jeff
>

This caused:

FAIL at line 997: unknown demangling style _D00
FAIL at line 1001: unknown demangling style _D01_D
FAIL at line 1005: unknown demangling style _D9223372036854775817
FAIL at line 1009: unknown demangling style _D1az
FAIL at line 1013: unknown demangling style _D1aN
FAIL at line 1017: unknown demangling style _D1aF
FAIL at line 1021: unknown demangling style _D1aM
FAIL at line 1025: unknown demangling style _D1aFZNz
FAIL at line 1029: unknown demangling style _D1aFNzZv
FAIL at line 1033: unknown demangling style _D4testFDX
FAIL at line 1037: unknown demangling style _D5__T0aZv
FAIL at line 1041: unknown demangling style _D10__T4testYZv
FAIL at line 1045: unknown demangling style _D4testFBaZv
FAIL at line 1049: unknown demangling style _D8__T4test
FAIL at line 1053: unknown demangling style _D10__T4testVi
FAIL at line 1057: unknown demangling style _D10__T4testVai
...
FAIL at line 1445: unknown demangling style
_D3mod4funcFZ__T6nestedTiZQkMFNaNbNiNfZi
FAIL at line 1449: unknown demangling style
_D3mod4funcFZ__T6nestedTiZ4__S1QpMFNaNbNiNfZi
FAIL at line 1452: unknown demangling style
_D6mangle__T8fun21753VSQv6S21753S1f_DQBj10__lambda71MFNaNbNiNfZvZQCbQp
./test-demangle: 359 tests, 115 failures
make[5]: *** [Makefile:55: check-d-demangle] Error 1
Li, Pan2 via Gcc-patches Oct. 1, 2021, 2:33 p.m. UTC | #4 
Hi,

Yes, I'm sorry, I forgot to add --format=dlang parameter. This patch
fixes it
https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580544.html .

On Fri, 2021-10-01 at 07:23 -0700, H.J. Lu wrote:
> On Thu, Sep 23, 2021 at 8:55 AM Jeff Law via Gcc-patches
> <gcc-patches@gcc.gnu.org> wrote:
> > 
> > 
> > 
> > On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
> > > > On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
> > > > 
> > > > 
> > > > This patch prevents dereferencing a null reference on a crafted
> > > > malformed magled name, often causing SIGSEGV to be raised.
> > > > 
> > > OK, seems reasonable to me.
> > I pushed this to the trunk.
> > 
> > Thanks,
> > jeff
> > 
> 
> This caused:
> 
> FAIL at line 997: unknown demangling style _D00
> FAIL at line 1001: unknown demangling style _D01_D
> FAIL at line 1005: unknown demangling style _D9223372036854775817
> FAIL at line 1009: unknown demangling style _D1az
> FAIL at line 1013: unknown demangling style _D1aN
> FAIL at line 1017: unknown demangling style _D1aF
> FAIL at line 1021: unknown demangling style _D1aM
> FAIL at line 1025: unknown demangling style _D1aFZNz
> FAIL at line 1029: unknown demangling style _D1aFNzZv
> FAIL at line 1033: unknown demangling style _D4testFDX
> FAIL at line 1037: unknown demangling style _D5__T0aZv
> FAIL at line 1041: unknown demangling style _D10__T4testYZv
> FAIL at line 1045: unknown demangling style _D4testFBaZv
> FAIL at line 1049: unknown demangling style _D8__T4test
> FAIL at line 1053: unknown demangling style _D10__T4testVi
> FAIL at line 1057: unknown demangling style _D10__T4testVai
> ...
> FAIL at line 1445: unknown demangling style
> _D3mod4funcFZ__T6nestedTiZQkMFNaNbNiNfZi
> FAIL at line 1449: unknown demangling style
> _D3mod4funcFZ__T6nestedTiZ4__S1QpMFNaNbNiNfZi
> FAIL at line 1452: unknown demangling style
> _D6mangle__T8fun21753VSQv6S21753S1f_DQBj10__lambda71MFNaNbNiNfZvZQCbQp
> ./test-demangle: 359 tests, 115 failures
> make[5]: *** [Makefile:55: check-d-demangle] Error 1
> 
>
diff mbox series

Patch

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
index a2152cc65518..469398261994 100644
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -875,7 +875,7 @@  dlang_type (string *decl, const char *mangled,
struct dlang_info *info)
       szmods = string_length (&mods);
 
       /* Back referenced function type.  */
-      if (*mangled == 'Q')
+      if (mangled && *mangled == 'Q')
 	mangled = dlang_type_backref (decl, mangled, info, 1);
       else
 	mangled = dlang_function_type (decl, mangled, info);
diff --git a/libiberty/testsuite/d-demangle-expected
b/libiberty/testsuite/d-demangle-expected
index c35185c3e1e3..799f4724b72e 100644
--- a/libiberty/testsuite/d-demangle-expected
+++ b/libiberty/testsuite/d-demangle-expected
@@ -991,11 +991,14 @@  _D88
 _D5__T1aZv
 _D5__T1aZv
 #
---format=dlang
 _D00
 _D00
 #
 --format=dlang
+_D01_D
+_D01_D
+#
+--format=dlang
 _D9223372036854775817
 _D9223372036854775817
 #