Currently a stack/heap overflow may happen if a crafted mangle is maliciously used to cause denial of service, such as intentional crashes by accessing a reserved memory space.
Signed-off-by: Luís Ferreira <cont...@lsferreira.net>
---
libiberty/d-demangle.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
index a2152cc65518..7ded3e2a2563 100644
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -381,7 +381,7 @@ dlang_symbol_backref (string *decl, const char
*mangled,
/* Must point to a simple identifier. */
backref = dlang_number (backref, &len);
- if (backref == NULL)
+ if (backref == NULL || strlen(backref) < len)
return NULL;
backref = dlang_lname (decl, backref, len);
signature.asc
Description: This is a digitally signed message part
