Fix from Dale Hawkins:

* cplus-dem.c (mop_up): Set typevec_size to zero, so it'll be reallocated properly if we use it again. * cplus-dem.c (demangle_fund_type): Check for buffer overrun. Be stricter about syntax. Always null-terminate string. From-SVN: r26562

Fix from Dale Hawkins:
* cplus-dem.c (mop_up): Set typevec_size to zero, so it'll be reallocated properly if we use it again. * cplus-dem.c (demangle_fund_type): Check for buffer overrun. Be stricter about syntax. Always null-terminate string. From-SVN: r26562
c5a855ce · Jim Blandy · 296967fe · c5a855ce
Commit c5a855ce authored Apr 20, 1999 by Jim Blandy
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletions

libiberty/cplus-dem.c
+10 -1

No files found.
--- a/libiberty/cplus-dem.c
+++ b/libiberty/cplus-dem.c
@@ -880,6 +880,7 @@ mop_up (work, declp, success)
    {
      free ((char *) work -> typevec);
      work -> typevec = NULL;
+      work -> typevec_size = 0;
    }
  if (work->tmpl_argvec)
    {
@@ -3377,14 +3378,22 @@ demangle_fund_type (work, mangled, result)
 	{
 	  int i;
 	  ++(*mangled);
-	  for (i = 0; **mangled && **mangled != '_'; ++(*mangled), ++i)
+	  for (i = 0;
+	       (i < sizeof (buf) - 1 && **mangled && **mangled != '_');
+	       ++(*mangled), ++i)
 	    buf[i] = **mangled;
+	  if (**mangled != '_')
+	    {
+	      success = 0;
+	      break;
+	    }
 	  buf[i] = '\0';
 	  ++(*mangled);
 	}
      else
 	{
 	  strncpy (buf, *mangled, 2);
+	  buf[2] = '\0';
 	  *mangled += 2;
 	}
      sscanf (buf, "%x", &dec);