fix: stack buffer overflow (#957)
sergiud authored Oct 5, 2023
1 parent e567cfc commit 319a0df
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/demangle.cc
Expand Up @@ -36,6 +36,7 @@

#include "demangle.h"

#include <cstddef>
#include <cstdio> // for nullptr
#include <limits>

Expand Down Expand Up @@ -222,6 +223,10 @@ static bool ZeroOrMore(ParseFunc parse_func, State *state) {
// is set to true for later use. The output string is ensured to
// always terminate with '\0' as long as there is no overflow.
static void Append(State *state, const char * const str, ssize_t length) {
if (state->out_cur == nullptr) {
state->overflowed = true;
return;
}
for (ssize_t i = 0; i < length; ++i) {
if (state->out_cur + 1 < state->out_end) { // +1 for '\0'
*state->out_cur = str[i];
Expand Down Expand Up @@ -667,6 +672,10 @@ static bool ParseIdentifier(State *state, ssize_t length) {
} else {
MaybeAppendWithLength(state, state->mangled_cur, length);
}
if (length < 0 ||
static_cast<std::size_t>(length) > StrLen(state->mangled_cur)) {
return false;
}
state->mangled_cur += length;
return true;
}
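Review bot: In ParseIdentifier the new length check runs after `MaybeAppendWithLength(state, state->mangled_cur, length)`, so the append has already read `length` bytes from `mangled_cur` before `length` is compared with `StrLen(state->mangled_cur)`. As placed, the check only protects `state->mangled_cur += length`; if it is meant to guard against reading past the end of the mangled name, it should sit above the if/else, which would also keep a rejected identifier from leaving partial output behind. The start of the function is outside the hunk, so an earlier bound check may already cover the read; in that case a short comment such as `// re-validate length before advancing mangled_cur` would explain why the test is repeated here.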
