llvm.org GIT mirror llvm / 6900134
llvm-undname: Fix nullptr deref on invalid conversion operator names in template args

A ConversionOperatorIdentifierNode has a TargetType which is read when printing it, but if the ConversionOperatorIdentifierNode appears in a template argument there's nothing that can provide the TargetType.

Normally the COIN is a symbol (leaf) name and takes its TargetType from the symbol's type, but in a template argument context the COIN can only be either a non-leaf name piece or a type, and must hence be invalid.

Similar to the COIN check in demangleDeclarator().

Found by oss-fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@358421 91177308-0d34-0410-b5e6-96231b3b80d8

Nico Weber 1 year, 7 months ago
2 changed file(s) with 15 addition(s) and 1 deletion(s).
946946 if (Error)
947947 return nullptr;
948948
949 if (NBB & NBB_Template)
949 if (NBB & NBB_Template) {
950 // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
951 // A conversion operator only makes sense in a leaf name , so reject it in
952 // NBB_Template contexts.
953 if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
954 Error = true;
955 return nullptr;
956 }
957
950958 memorizeIdentifier(Identifier);
959 }
951960
952961 return Identifier;
953962 }
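Review bot: the comment at new lines 950-952 states that NBB_Template is only set for types and non-leaf names, but that is a property of the callers and nothing in this hunk checks it, so a future caller that passes NBB_Template for a leaf name would have valid conversion operators rejected with no hint why. Consider naming the matching rejection in demangleDeclarator() in this comment so the two checks are kept in sync. Also, the new branch calls Identifier->kind() with only `if (Error) return nullptr;` in view as a guard, so it is worth confirming that Identifier can never be null while Error is unset on this path.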
128128 ; CHECK-EMPTY:
129129 ; CHECK-NEXT: ??_R4foo@@
130130 ; CHECK-NEXT: error: Invalid mangled name
131
132 ?foo@?$?BH@@QAEHXZ
133 ; CHECK-EMPTY:
134 ; CHECK-NEXT: ?foo@?$?BH@@QAEHXZ
135 ; CHECK-NEXT: error: Invalid mangled name
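Review bot: the new case at line 132 carries no comment saying what makes `?foo@?$?BH@@QAEHXZ` invalid, so a reader of the test file cannot tell that it guards the conversion-operator-in-template-name rejection. A one-line `;` comment above the input would document that. The commit message says a conversion operator in a template argument context can be either a non-leaf name piece or a type, and only one input is added here, so a second input exercising the other form would show that both are reported as "Invalid mangled name" rather than crashing.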