From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 24130 invoked by alias); 1 Aug 2010 21:10:35 -0000
Received: (qmail 24114 invoked by uid 22791); 1 Aug 2010 21:10:34 -0000
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from slice-1.puremagic.com (HELO mail.puremagic.com) (173.45.241.208) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sun, 01 Aug 2010 21:10:29 +0000
Received: from [192.168.10.200] (c-71-231-121-195.hsd1.wa.comcast.net [71.231.121.195]) by mail.puremagic.com (8.14.3/8.14.3/Debian-9ubuntu1) with ESMTP id o71LAO7c018269 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Sun, 1 Aug 2010 14:10:27 -0700
Message-ID: <4C55E1CE.5000301@puremagic.com>
Date: Sun, 01 Aug 2010 21:10:00 -0000
From: Brad Roberts
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.7) Gecko/20100713 Lightning/1.0b2 Thunderbird/3.1.1
MIME-Version: 1.0
To: gdb-patches@sourceware.org
Subject: patch for crash in d-lang.c's demangler
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Archive:
List-Post:
List-Help: ,
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2010-08/txt/msg00000.txt.bz2

There's a minor, but important bug in the d language symbol demangler. I haven't reviewed the whole thing for other bugs, just the one that I hit.

I don't have a copyright assignment form on file, but hopefully this diff is small enough to not require one. Consider the patch public domain or whatever if that helps.

diff --git a/gdb/d-lang.c b/gdb/d-lang.c index 6db521b..f17431b 100644 --- a/gdb/d-lang.c +++ b/gdb/d-lang.c 
@@ -37,8 +37,9 @@ extract_identifiers (const char *mangled_str, struct obstack *tempbuf) while (isdigit (*mangled_str)) { - i = strtol (mangled_str, NULL, 10); - mangled_str++; + char * end_ptr; + i = strtol (mangled_str, &end_ptr, 10); + mangled_str = end_ptr; if (i <= 0 && strlen (mangled_str) < i) return 0; obstack_grow (tempbuf, mangled_str, i);

Before this change, symbols with string fragments over 9 bytes long get into a bad state and might end up crashing. Certainly ends up with a bad string.

An example that crashes for me:

20src/core/atomic.d.9215__unittest_failFiZv

Thanks,
Brad
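
Review bot: the length check on the unchanged context line, `if (i <= 0 && strlen (mangled_str) < i)`, joins its two conditions with `&&`, so a positive length that is larger than the rest of the string is not rejected and still reaches `obstack_grow (tempbuf, mangled_str, i)`. With the full multi-digit length now parsed, `i` can be far larger than the single-digit values handled correctly before, so this is worth fixing in the same patch: use `||`, and reject an out-of-range `strtol` result before the copy. Minor style point on the added declaration: `char *end_ptr;` would match the `const char *mangled_str` spelling in the function signature. The symbol quoted in the message would make a good regression test.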
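
The length-prefixed fragment parsing that the message describes, as an added example that is not part of the original message or of gdb's code. The function name `split_fragments`, the fixed output buffer and the `.` separator are assumptions made for illustration; the input in `main` is the symbol quoted in the message.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not gdb's extract_identifiers): copy each
   <decimal length><bytes> fragment of S into OUT, joined with '.'.
   Returns the number of fragments, or -1 if a length is zero, out of
   range, longer than the remaining input, or does not fit in OUT.  */
int
split_fragments (const char *s, char *out, size_t outsz)
{
  size_t used = 0;
  int count = 0;

  if (outsz == 0)
    return -1;
  while (isdigit ((unsigned char) *s))
    {
      char *end;
      long n;

      errno = 0;
      n = strtol (s, &end, 10);
      s = end;                  /* skip every digit, not just the first */
      if (errno == ERANGE || n <= 0 || (size_t) n > strlen (s))
        return -1;              /* either condition alone is fatal */
      if (used + (size_t) n + 2 > outsz)
        return -1;              /* room for '.', the bytes and the NUL */
      if (count > 0)
        out[used++] = '.';
      memcpy (out + used, s, (size_t) n);
      used += (size_t) n;
      s += n;
      count++;
    }
  out[used] = '\0';
  return count;
}

int
main (void)
{
  char buf[64];
  int n = split_fragments ("20src/core/atomic.d.9215__unittest_failFiZv",
                           buf, sizeof buf);
  printf ("%d fragments: %s\n", n, n < 0 ? "(rejected)" : buf);
  return 0;
}
```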