From cde9e006d82f7bc3f2783ebfac60b777a6d36cbf Mon Sep 17 00:00:00 2001
From: Howard Hinnant <hhinnant@apple.com>
Date: Sun, 23 Jun 2013 17:14:35 +0000
Subject: After a private conversation with Arthur O'Dwyer, and a good night's
 sleep, I believe this fix is a better fix than what I committed in r184656
 yesterday.  I've basically moved the checking for '`' from the start of the
 demangling process to the end of it.  In the process I discovered that one of
 the test cases no longer demangled to the expected string.  After further
 investigation I believe this case to not be a valid mangled string, and so I
 moved the test case to the 'invalid cases'.  The reason I believe it is
 invalid is that it should use T_ instead of T0_ to index the template
 parameter.

llvm-svn: 184668
---
 libcxxabi/src/cxa_demangle.cpp | 43 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 37 insertions(+), 6 deletions(-)

(limited to 'libcxxabi/src')

diff --git a/libcxxabi/src/cxa_demangle.cpp b/libcxxabi/src/cxa_demangle.cpp
index 91d16cdf469..e49ab445043 100644
--- a/libcxxabi/src/cxa_demangle.cpp
+++ b/libcxxabi/src/cxa_demangle.cpp
@@ -4382,7 +4382,7 @@ template <class C>
 void
 demangle(const char* first, const char* last, C& db, int& status)
 {
-    if (first >= last || std::find(first, last, '`') != last)
+    if (first >= last)
     {
         status = invalid_mangled_name;
         return;
@@ -4423,21 +4423,52 @@ demangle(const char* first, const char* last, C& db, int& status)
         if (t != last)
             status = invalid_mangled_name;
     }
+    if (status == success && db.names.empty())
+        status = invalid_mangled_name;
     if (status == success && db.fix_forward_references)
     {
-        db.names.reserve(db.names.size()+1);
-        auto& nm = db.names.back().first;
+        auto nm = db.names.back().move_full();
+        db.names.pop_back();
         size_t p = nm.size();
         while (p != 0)
         {
             if (nm[--p] == '`')
             {
+                size_t k0 = db.names.size();
                 const char* t = parse_template_param(&nm[p+1], &nm[nm.size()], db);
-                auto s = db.names.back().move_full();
-                db.names.pop_back();
-                nm.replace(p, static_cast<std::size_t>(t - &nm[p]), s);
+                size_t k1 = db.names.size();
+                if (t == &nm[p+1])
+                {
+                    status = invalid_mangled_name;
+                    return;
+                }
+                if (k1 == k0)
+                {
+                    nm.erase(p, static_cast<std::size_t>(t - &nm[p]));
+                }
+                else
+                {
+                    if (db.names[k0].first.front() == '`')
+                    {
+                        status = invalid_mangled_name;
+                        return;
+                    }
+                    size_t p2 = static_cast<size_t>(t - &nm[p]);
+                    size_t s = db.names[k0].size();
+                    nm.replace(p, p2, db.names[k0].move_full());
+                    p2 = p + s;
+                    for (size_t k = k0+1; k < k1; ++k)
+                    {
+                        s = db.names[k].size() + 2;
+                        nm.insert(p2, ", " + db.names[k].move_full());
+                        p2 += s;
+                    }
+                    for (; k1 > k0; --k1)
+                        db.names.pop_back();
+                }
             }
         }
+        db.names.push_back(std::move(nm));
     }
 }
 
-- 
cgit v1.2.3