Avoid signed overflow for Ed <number> _ manglings with large <number>s.

PiperOrigin-RevId: 640213246 Change-Id: Ib0dcf34d52566bfd0e3e9129c4438954aedab8ec

Avoid signed overflow for Ed <number> _ manglings with large <number>s.
PiperOrigin-RevId: 640213246 Change-Id: Ib0dcf34d52566bfd0e3e9129c4438954aedab8ec
b0e72168 · Chris Mihelich · Copybara-Service · 9645a2fb · b0e72168 · b0e72168
Commit b0e72168 authored Jun 04, 2024 by Chris Mihelich Committed by Copybara-Service Jun 04, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 0 deletions

absl/debugging/internal/demangle.cc
+6 -0

absl/debugging/internal/demangle_test.cc
+27 -0

No files found.
--- a/absl/debugging/internal/demangle.cc
+++ b/absl/debugging/internal/demangle.cc
@@ -2352,6 +2352,12 @@ static bool ParseLocalNameSuffix(State *state) {
      (IsDigit(RemainingInput(state)[0]) || RemainingInput(state)[0] == '_')) {
    int number = -1;
    Optional(ParseNumber(state, &number));
+    if (number < -1 || number > 2147483645) {
+      // Work around overflow cases.  We do not expect these outside of a fuzzer
+      // or other source of adversarial input.  If we do detect overflow here,
+      // we'll print {default arg#1}.
+      number = -1;
+    }
    number += 2;
    // The ::{default arg#1}:: infix must be rendered before the lambda itself,

--- a/absl/debugging/internal/demangle_test.cc
+++ b/absl/debugging/internal/demangle_test.cc
@@ -391,6 +391,33 @@ TEST(Demangle, LambdaInClassMemberDefaultArgument) {
  ASSERT_FALSE(Demangle("_ZZN1S1fEPFvvEEdn1_NKUlvE_clEv", tmp, sizeof(tmp)));
 }
+TEST(Demangle, AvoidSignedOverflowForUnfortunateParameterNumbers) {
+  char tmp[100];
+  // Here <number> + 2 fits in an int, but just barely.  (We expect no such
+  // input in practice: real functions don't have billions of arguments.)
+  ASSERT_TRUE(Demangle("_ZZN1S1fEPFvvEEd2147483645_NKUlvE_clEv",
+                       tmp, sizeof(tmp)));
+  EXPECT_STREQ(tmp,
+               "S::f()::{default arg#2147483647}::{lambda()#1}::operator()()");
+  // Now <number> is an int, but <number> + 2 is not.
+  ASSERT_TRUE(Demangle("_ZZN1S1fEPFvvEEd2147483646_NKUlvE_clEv",
+                       tmp, sizeof(tmp)));
+  EXPECT_STREQ(tmp, "S::f()::{default arg#1}::{lambda()#1}::operator()()");
+  // <number> is the largest int.
+  ASSERT_TRUE(Demangle("_ZZN1S1fEPFvvEEd2147483647_NKUlvE_clEv",
+                       tmp, sizeof(tmp)));
+  EXPECT_STREQ(tmp, "S::f()::{default arg#1}::{lambda()#1}::operator()()");
+  // <number> itself does not fit into an int.  ParseNumber truncates the value
+  // to int, yielding a large negative number, which we strain out.
+  ASSERT_TRUE(Demangle("_ZZN1S1fEPFvvEEd2147483648_NKUlvE_clEv",
+                       tmp, sizeof(tmp)));
+  EXPECT_STREQ(tmp, "S::f()::{default arg#1}::{lambda()#1}::operator()()");
+}
 TEST(Demangle, SubstpackNotationForTroublesomeTemplatePack) {
  char tmp[100];