ld128 demangle: allow space for 'L' suffix.

Summary: Caught by HWASAN on arm64 Android (which uses ld128 for long double). This was running the existing fuzzer. The specific minimized fuzz input to reproduce this is: __cxa_demangle("1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE", 0, 0, 0); Reviewers: eugenis, srhines, #libc_abi! Subscribers: kristof.beyls, danielkiss, libcxx-commits Tags: #libc_abi Differential Revision: https://reviews.llvm.org/D77924
2024-10-19 02:52:53 +02:00 · 2020-04-10 17:42:00 -07:00 · 2020-04-10 17:42:00 -07:00 · 8e3a33cacc
commit 8e3a33cacc
parent 3f4579ac3a
1 changed files with 6 additions and 1 deletions
--- a/include/llvm/Demangle/ItaniumDemangle.h
+++ b/include/llvm/Demangle/ItaniumDemangle.h
@ -5203,7 +5203,12 @@ struct FloatData<long double>
 #else
    static const size_t mangled_size = 20;  // May need to be adjusted to 16 or 24 on other platforms
 #endif
-    static const size_t max_demangled_size = 40;
+    // `-0x1.ffffffffffffffffffffffffffffp+16383` + 'L' + '\0' == 42 bytes.
+    // 28 'f's * 4 bits == 112 bits, which is the number of mantissa bits.
+    // Negatives are one character longer than positives.
+    // `0x1.` and `p` are constant, and exponents `+16383` and `-16382` are the
+    // same length. 1 sign bit, 112 mantissa bits, and 15 exponent bits == 128.
+    static const size_t max_demangled_size = 42;
    static constexpr const char *spec = "%LaL";
 };