From patchwork Wed Sep 22 01:31:03 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Lu=C3=ADs_Ferreira?= <contact@lsferreira.net>
X-Patchwork-Id: 45268
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id CEE743858007
	for <patchwork@sourceware.org>; Wed, 22 Sep 2021 01:31:26 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from 18.mo4.mail-out.ovh.net (18.mo4.mail-out.ovh.net
 [188.165.54.143])
 by sourceware.org (Postfix) with ESMTPS id 4B6003858C3A
 for <gcc-patches@gcc.gnu.org>; Wed, 22 Sep 2021 01:31:08 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4B6003858C3A
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
 header.from=lsferreira.net
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=lsferreira.net
Received: from player789.ha.ovh.net (unknown [10.110.208.120])
 by mo4.mail-out.ovh.net (Postfix) with ESMTP id BFFEF288407
 for <gcc-patches@gcc.gnu.org>; Wed, 22 Sep 2021 03:31:06 +0200 (CEST)
Received: from lsferreira.net (252.131.62.94.rev.vodafone.pt [94.62.131.252])
 (Authenticated sender: contact@lsferreira.net)
 by player789.ha.ovh.net (Postfix) with ESMTPSA id EBDEC2264F9C9
 for <gcc-patches@gcc.gnu.org>; Wed, 22 Sep 2021 01:31:04 +0000 (UTC)
Authentication-Results: garm.ovh; auth=pass
 (GARM-98R00292da3f33-5e97-44d0-aa3b-a6865be705c4,
 6B7DC8684C863CDF2695C85991612992A54CE275) smtp.auth=contact@lsferreira.net
X-OVh-ClientIp: 94.62.131.252
Message-ID: <9a6bd69b680ed6c5dc6eaeb97e6994b6be5721e6.camel@lsferreira.net>
Subject: [PATCH] libiberty: prevent null dereferencing on dlang_type
From: =?iso-8859-1?q?Lu=EDs?= Ferreira <contact@lsferreira.net>
To: gcc-patches@gcc.gnu.org
Date: Wed, 22 Sep 2021 02:31:03 +0100
User-Agent: Evolution 3.40.4 
MIME-Version: 1.0
X-Ovh-Tracer-Id: 9753107944679667735
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: 0
X-VR-SPAMCAUSE: 
 gggruggvucftvghtrhhoucdtuddrgedvtddrudeiiedggedvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefkuffhrhfvffgtfgggsehgtderredtreejnecuhfhrohhmpefnuhovshcuhfgvrhhrvghirhgruceotghonhhtrggttheslhhsfhgvrhhrvghirhgrrdhnvghtqeenucggtffrrghtthgvrhhnpeeutdduveehjeetheehtddvieffiedugfehgffhfeegtdfhvdegfeefieevveegkeenucfkpheptddrtddrtddrtddpleegrdeivddrudefuddrvdehvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdqohhuthdphhgvlhhopehplhgrhigvrhejkeelrdhhrgdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomheptghonhhtrggttheslhhsfhgvrhhrvghirhgrrdhnvghtpdhrtghpthhtohepghgttgdqphgrthgthhgvshesghgttgdrghhnuhdrohhrgh
X-Spam-Status: No, score=-13.8 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Reply-To: lsferreira@riseup.net
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

This patch prevents dereferencing a null reference on a crafted
malformed magled name, often causing SIGSEGV to be raised.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
---
 libiberty/d-demangle.c                  | 2 +-
 libiberty/testsuite/d-demangle-expected | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
index a2152cc65518..469398261994 100644
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -875,7 +875,7 @@ dlang_type (string *decl, const char *mangled,
struct dlang_info *info)
       szmods = string_length (&mods);
 
       /* Back referenced function type.  */
-      if (*mangled == 'Q')
+      if (mangled && *mangled == 'Q')
 	mangled = dlang_type_backref (decl, mangled, info, 1);
       else
 	mangled = dlang_function_type (decl, mangled, info);
diff --git a/libiberty/testsuite/d-demangle-expected
b/libiberty/testsuite/d-demangle-expected
index c35185c3e1e3..799f4724b72e 100644
--- a/libiberty/testsuite/d-demangle-expected
+++ b/libiberty/testsuite/d-demangle-expected
@@ -991,11 +991,14 @@ _D88
 _D5__T1aZv
 _D5__T1aZv
 #
---format=dlang
 _D00
 _D00
 #
 --format=dlang
+_D01_D
+_D01_D
+#
+--format=dlang
 _D9223372036854775817
 _D9223372036854775817
 #