llvm.org GIT mirror llvm / 1d70463
llvm-undname: Fix nullptr deref on invalid structor names in template args Similar to r358421: A StructorIndentifierNode has a Class field which is read when printing it, but if the StructorIndentifierNode appears in a template argument then demangleFullyQualifiedSymbolName() which sets Class isn't called. Since StructorIndentifierNodes are always leaf names, we can just reject them as well. Found by oss-fuzz. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358491 91177308-0d34-0410-b5e6-96231b3b80d8 Nico Weber 1 year, 7 months ago
2 changed file(s) with 9 addition(s) and 3 deletion(s). Raw diff Collapse all Expand all
948948
949949 if (NBB & NBB_Template) {
950950 // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
951 // A conversion operator only makes sense in a leaf name , so reject it in
952 // NBB_Template contexts.
953 if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
951 // Structors and conversion operators only makes sense in a leaf name, so
952 // reject them in NBB_Template contexts.
953 if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier ||
954 Identifier->kind() == NodeKind::StructorIdentifier) {
954955 Error = true;
955956 return nullptr;
956957 }
133133 ; CHECK-EMPTY:
134134 ; CHECK-NEXT: ?foo@?$?BH@@QAEHXZ
135135 ; CHECK-NEXT: error: Invalid mangled name
136
137 ?foo@?$?0H@
138 ; CHECK-EMPTY:
139 ; CHECK-NEXT: ?foo@?$?0H@
140 ; CHECK-NEXT: error: Invalid mangled name