cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing btypevec/ktypevec.

	* cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
	btypevec/ktypevec.
	* testsuite/demangle-expected: Add coverage tests.

From-SVN: r234645

diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index d11f4cea099e6b7c4154780ac322981826a5d54e..b4054bdb6be11e920b699e07b45ba5d94f5350a5 100644 (file)
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,10 @@
+2016-03-31  Mikhail Maltsev  <maltsevm@gmail.com>
+           Marcel Bohme  boehme.marcel@gmail.com
+
+       * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
+       btypevec/ktypevec.
+       * testsuite/demangle-expected: Add coverage tests.
+
 2016-01-27  Iain Buclaw  <ibuclaw@gdcproject.org>
 
        * d-demangle.c (dlang_call_convention): Handle extern Objective-C

diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
index c68b9813de25c6ee39e5288bf74649a1d2de3965..7ab46ddac48674dd0cd2c816a342a3b2deef7022 100644 (file)
--- a/libiberty/cplus-dem.c
+++ b/libiberty/cplus-dem.c
@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work)
     {
       free ((char *) work -> btypevec);
       work->btypevec = NULL;
+      work->bsize = 0;
     }
   if (work -> ktypevec != NULL)
     {
       free ((char *) work -> ktypevec);
       work->ktypevec = NULL;
+      work->ksize = 0;
     }
 }
 

diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected
index aebf01b3add7c858c6673ff3ae3f73e784521e51..e214ee5a987a10d94217851c39df186dea57e2c3 100644 (file)
--- a/libiberty/testsuite/demangle-expected
+++ b/libiberty/testsuite/demangle-expected
@@ -4421,3 +4421,13 @@ void baz<int>(A<sizeof (foo((int)(), (floatcomplex )00000000_00000000))>*)
 --format=gnu-v3
 _Z3fooI1FEN1XIXszdtcl1PclcvT__EEE5arrayEE4TypeEv
 X<sizeof ((P(((F)())())).array)>::Type foo<F>()
+#
+# Tests a use-after-free problem
+
+_Q.__0
+::Q.(void)
+#
+# Tests a use-after-free problem
+
+_Q10-__9cafebabe.
+cafebabe.::-(void)