Be careful of mangled out of bounds read

author: Kelebek1 2023-01-14 19:53:55 +0000
committer: Kelebek1 2023-01-14 19:53:55 +0000
commit: 42b16bb33ab0a0bb5b8e4032753fbe67bc85844f (patch)
tree: 329775ff39c761ad64ee9a045edd5a983677d90b /src/common/demangle.cpp
parent: Move demangle impl to cpp (diff)
download: yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.tar.gz
yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.tar.xz
yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/src/common/demangle.cpp b/src/common/demangle.cpp
index 17abdb85e..f4246f666 100644
--- a/src/common/demangle.cpp
+++ b/src/common/demangle.cpp
@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 #include "common/demangle.h"
+#include "common/scope_exit.h"
 namespace llvm {
 char* itaniumDemangle(const char* mangled_name, char* buf, size_t* n, int* status);
@@ -13,10 +14,16 @@ std::string DemangleSymbol(const std::string& mangled) {
    auto is_itanium = [](const std::string& name) -> bool {
        // A valid Itanium encoding requires 1-4 leading underscores, followed by 'Z'.
        auto pos = name.find_first_not_of('_');
-        return pos > 0 && pos <= 4 && name[pos] == 'Z';
+        return pos > 0 && pos <= 4 && pos < name.size() && name[pos] == 'Z';
    };
+    if (mangled.empty()) {
+        return mangled;
+    }
    char* demangled = nullptr;
+    SCOPE_EXIT({ std::free(demangled); });
    if (is_itanium(mangled)) {
        demangled = llvm::itaniumDemangle(mangled.c_str(), nullptr, nullptr, nullptr);
    }
@@ -24,10 +31,7 @@ std::string DemangleSymbol(const std::string& mangled) {
    if (!demangled) {
        return mangled;
    }
+    return demangled;
-    std::string ret = demangled;
-    std::free(demangled);
-    return ret;
 }
 } // namespace Common
author	Kelebek1	2023-01-14 19:53:55 +0000
committer	Kelebek1	2023-01-14 19:53:55 +0000
commit	42b16bb33ab0a0bb5b8e4032753fbe67bc85844f (patch)
tree	329775ff39c761ad64ee9a045edd5a983677d90b /src/common/demangle.cpp
parent	Move demangle impl to cpp (diff)
download	yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.tar.gz yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.tar.xz yuzu-42b16bb33ab0a0bb5b8e4032753fbe67bc85844f.zip

diff --git a/src/common/demangle.cpp b/src/common/demangle.cpp index 17abdb85e..f4246f666 100644 --- a/src/common/demangle.cpp +++ b/src/common/demangle.cpp
@@ -2,6 +2,7 @@
2	// SPDX-License-Identifier: GPL-2.0-or-later	2	// SPDX-License-Identifier: GPL-2.0-or-later
3		3
4	#include "common/demangle.h"	4	#include "common/demangle.h"
		5	#include "common/scope_exit.h"
5		6
6	namespace llvm {	7	namespace llvm {
7	char* itaniumDemangle(const char* mangled_name, char* buf, size_t* n, int* status);	8	char* itaniumDemangle(const char* mangled_name, char* buf, size_t* n, int* status);
@@ -13,10 +14,16 @@ std::string DemangleSymbol(const std::string& mangled) {
13	auto is_itanium = [](const std::string& name) -> bool {	14	auto is_itanium = [](const std::string& name) -> bool {
14	// A valid Itanium encoding requires 1-4 leading underscores, followed by 'Z'.	15	// A valid Itanium encoding requires 1-4 leading underscores, followed by 'Z'.
15	auto pos = name.find_first_not_of('_');	16	auto pos = name.find_first_not_of('_');
16	return pos > 0 && pos <= 4 && name[pos] == 'Z';	17	return pos > 0 && pos <= 4 && pos < name.size() && name[pos] == 'Z';
17	};	18	};
18		19
		20	if (mangled.empty()) {
		21	return mangled;
		22	}
		23
19	char* demangled = nullptr;	24	char* demangled = nullptr;
		25	SCOPE_EXIT({ std::free(demangled); });
		26
20	if (is_itanium(mangled)) {	27	if (is_itanium(mangled)) {
21	demangled = llvm::itaniumDemangle(mangled.c_str(), nullptr, nullptr, nullptr);	28	demangled = llvm::itaniumDemangle(mangled.c_str(), nullptr, nullptr, nullptr);
22	}	29	}
@@ -24,10 +31,7 @@ std::string DemangleSymbol(const std::string& mangled) {
24	if (!demangled) {	31	if (!demangled) {
25	return mangled;	32	return mangled;
26	}	33	}
27		34	return demangled;
28	std::string ret = demangled;
29	std::free(demangled);
30	return ret;
31	}	35	}
32		36
33	} // namespace Common	37	} // namespace Common