https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80513
Bug ID: 80513
Summary: demangler walks past trailing nul in mangled name in a bunch of cases
Product: gcc
Version: 7.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: demangler
Assignee: unassigned at gcc dot gnu.org
Reporter: richard-gccbugzilla at metafoo dot co.uk
Target Milestone: ---

Example mangled name where the demangler walks past two nuls:

    $ echo '__thunk_16\0_\0_3foo' | c++filt
    virtual function thunk (delta:-16) for foo::~foo(void)

These are two separate bugs:

1) The gnu_special __thunk_ handling blindly assumes (without checking) that the byte after __thunk_<num> is an underscore, and skips it:

    else if (strncmp (*mangled, "__thunk_", 8) == 0)
      {
        int delta;

        (*mangled) += 8;
        delta = consume_count (mangled);
        if (delta == -1)
          success = 0;
        else
          {
            char *method = internal_cplus_demangle (work, ++*mangled);

2) The calls to "strchr (some_chars, mangled[i]) != NULL" throughout cplus-dem.c are all wrong, as they do not properly handle the case where mangled[i] is 0. (In that case, strchr returns a *non-null* pointer to the nul terminator of some_chars.)
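The two defects above share one root cause: the parser advances or classifies a byte without first ruling out the terminating NUL. The following is an added example, not code from libiberty or the bug report, showing both the `strchr` trap and a checked version of the `__thunk_<num>_` prefix parse. `naive_in_set`, `char_in_set`, `parse_count` and `parse_thunk_prefix` are hypothetical names chosen for this illustration; `parse_count` is a simplified stand-in for `consume_count`, not the real function.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern the report calls out: strchr(set, '\0') returns a pointer
   to SET's own terminator, so this wrongly reports the NUL as a member
   of the set and lets a caller step past the end of the string. */
static bool naive_in_set(const char *set, char c)
{
    return strchr(set, c) != NULL;
}

/* Fixed membership test: the terminator is never a member. */
static bool char_in_set(const char *set, char c)
{
    return c != '\0' && strchr(set, c) != NULL;
}

/* Simplified stand-in for consume_count (hypothetical): read a non-empty
   run of decimal digits at *p, advance *p past them, return the value,
   or -1 if there are no digits or the value would overflow an int. */
static int parse_count(const char **p)
{
    const char *s = *p;
    int n = 0;

    if (*s < '0' || *s > '9')
        return -1;
    while (*s >= '0' && *s <= '9') {
        int d = *s - '0';
        if (n > (INT_MAX - d) / 10)   /* overflow guard */
            return -1;
        n = n * 10 + d;
        s++;
    }
    *p = s;
    return n;
}

/* Checked parse of "__thunk_<delta>_<rest>". Returns delta and sets
   *rest to the byte after the underscore; returns -1 if the prefix,
   the count, or the underscore is missing. The explicit "*p != '_'"
   test is exactly what the original "++*mangled" skips: when the
   string ends right after the digits, *p is the NUL and we stop. */
static int parse_thunk_prefix(const char *mangled, const char **rest)
{
    const char *p;
    int delta;

    if (strncmp(mangled, "__thunk_", 8) != 0)
        return -1;
    p = mangled + 8;
    delta = parse_count(&p);
    if (delta < 0)
        return -1;
    if (*p != '_')                    /* the missing check */
        return -1;
    *rest = p + 1;
    return delta;
}

int main(void)
{
    const char *rest = NULL;

    /* Constructed inputs: one well-formed, one truncated after the count. */
    printf("naive_in_set(\"abc\", '\\0') = %d\n", naive_in_set("abc", '\0'));
    printf("char_in_set(\"abc\", '\\0')  = %d\n", char_in_set("abc", '\0'));
    printf("__thunk_16_3foo -> delta %d, rest \"%s\"\n",
           parse_thunk_prefix("__thunk_16_3foo", &rest), rest);
    printf("__thunk_16      -> %d (rejected, no underscore)\n",
           parse_thunk_prefix("__thunk_16", &rest));
    return 0;
}
```

The membership fix is the one to apply mechanically wherever the `strchr (some_chars, mangled[i]) != NULL` idiom appears; the prefix parse shows the shape of the bounds check that every "skip one byte" step in a hand-written demangler needs before advancing.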