libiberty: prevent buffer overflow when decoding user input

libiberty/
	* d-demangle.c (dlang_symbol_backref): Ensure strlen of
	string is less than length computed by dlang_number.

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
index a2152cc65518e468fd5d8ba254c011449fca2b8e..7ded3e2a256355e0daf912a448d5202a89e95063 100644 (file)
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -381,7 +381,7 @@ dlang_symbol_backref (string *decl, const char *mangled,
 
   /* Must point to a simple identifier.  */
   backref = dlang_number (backref, &len);
-  if (backref == NULL)
+  if (backref == NULL || strlen(backref) < len)
     return NULL;
 
   backref = dlang_lname (decl, backref, len);