From c035c243da36e2fa867626ef8af467fdda73ac80 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Tue, 16 Apr 2019 14:10:34 +0000
Subject: llvm-undname: Fix nullptr deref on invalid structor names in template args
Similar to r358421: A StructorIndentifierNode has a Class field which is read when printing it, but if the StructorIndentifierNode appears in a template argument then demangleFullyQualifiedSymbolName() which sets Class isn't called. Since StructorIndentifierNodes are always leaf names, we can just reject them as well. Found by oss-fuzz.
llvm-svn: 358491
---
 llvm/lib/Demangle/MicrosoftDemangle.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'llvm/lib/Demangle')
diff --git a/llvm/lib/Demangle/MicrosoftDemangle.cpp b/llvm/lib/Demangle/MicrosoftDemangle.cpp
index c3bdfa23d1f..49cfcde9c58 100644
--- a/llvm/lib/Demangle/MicrosoftDemangle.cpp
+++ b/llvm/lib/Demangle/MicrosoftDemangle.cpp
@@ -949,9 +949,10 @@ Demangler::demangleTemplateInstantiationName(StringView &MangledName,
 if (NBB & NBB_Template) {
 // NBB_Template is only set for types and non-leaf names ("a::" in "a::b").
- // A conversion operator only makes sense in a leaf name , so reject it in
- // NBB_Template contexts.
- if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier) {
+ // Structors and conversion operators only makes sense in a leaf name, so
+ // reject them in NBB_Template contexts.
+ if (Identifier->kind() == NodeKind::ConversionOperatorIdentifier ||
+ Identifier->kind() == NodeKind::StructorIdentifier) {
 Error = true;
 return nullptr;
 }
-- cgit v1.2.3
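Review bot: The check inside `if (NBB & NBB_Template)` is a denylist of node kinds, and this is the second fuzzer-driven addition to it (the message cites r358421), so any other identifier kind whose printing relies on state set only by demangleFullyQualifiedSymbolName() would still pass it and reach the printer with that state unset. Since the demangler parses untrusted symbol names, consider also guarding the read of the structor node's Class field where it is printed (outside this hunk), so that a missed case is rejected as an invalid mangling instead of dereferencing null. The new comment has an agreement slip and should read `// Structors and conversion operators only make sense in a leaf name, so`. The page is limited to llvm/lib/Demangle, so it does not show whether the oss-fuzz input was added as a regression test; if it was not, it should be. The enclosing function starts and ends outside the hunk, so whether `Identifier` can be null at the `kind()` call cannot be confirmed from here.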