https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
Bernhard Kaindl <bernhard.kaindl at thalesgroup dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bernhard.kaindl@thalesgroup
                   |                            |.com

--- Comment #5 from Bernhard Kaindl <bernhard.kaindl at thalesgroup dot com> ---
Simple observation from the asan traces, the source and a quick test:

  iterate_demangle_function (struct work_stuff *work, ...
  {
    [only cases for early returns here]
    work_stuff_copy_to_from (&work_init, work);   <- SEGV on a member of work here

work_stuff_copy_to_from () is a dumb copy function which assumes that the
vectors it shall copy have been allocated:

  void
  work_stuff_copy_to_from (struct work_stuff *to, struct work_stuff *from)
    [nothing relevant here]
    for ...
      {
        int len = strlen (from->ktypevec[i]) + 1;   <- SIGSEGV happens here because it is NULL.

I verified that the function remember_Ktype(), which does all the allocation
of work_stuff->ktypevec, is never called by these POCs, hence ktypevec is
still NULL, causing the SIGSEGV.

iterate_demangle_function() itself is called from a rather complex function.

The only safe fix: before copying work_stuff, check that the work_stuff
vectors are already allocated. If not, return 0 -> no demangle.
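The defect and the proposed check, as an added example that is not libiberty's code and not part of the bug report: a hypothetical, reduced work_stuff with only the ktypevec vector, the trusting copy the comment describes, and a copy that refuses inconsistent state with 0 before touching the vector. The struct layout, function names and the constructed states are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, reduced model of libiberty's work_stuff: only the vector
   the report concerns is kept. */
struct work_stuff {
  char **ktypevec;   /* K type names; NULL until remember_Ktype() allocates it */
  int numk;          /* entries the vector is claimed to hold */
};

/* The copy as the comment describes it: trusts numk and assumes ktypevec exists,
   so with numk > 0 and ktypevec == NULL the strlen() call dereferences NULL. */
static int copy_unchecked(struct work_stuff *to, const struct work_stuff *from)
{
  to->numk = from->numk;
  to->ktypevec = calloc(from->numk > 0 ? (size_t)from->numk : 1, sizeof *to->ktypevec);
  if (to->ktypevec == NULL) return 0;
  for (int i = 0; i < from->numk; i++) {
    size_t len = strlen(from->ktypevec[i]) + 1;   /* SIGSEGV when ktypevec is NULL */
    if ((to->ktypevec[i] = malloc(len)) == NULL) return 0;
    memcpy(to->ktypevec[i], from->ktypevec[i], len);
  }
  return 1;   /* 1 on success, 0 on allocation failure */
}
/* The fix the comment proposes: verify the vector exists before copying;
   an inconsistent state yields 0 and the caller declines to demangle. */
static int copy_checked(struct work_stuff *to, const struct work_stuff *from)
{
  if (from->numk > 0 && from->ktypevec == NULL) return 0;
  for (int i = 0; i < from->numk; i++)
    if (from->ktypevec[i] == NULL) return 0;
  return copy_unchecked(to, from);
}
/* Constructed state matching the trace: numk says 1, vector never allocated. */
static int checked_copy_rejects_missing_vector(void)
{
  struct work_stuff from = { NULL, 1 }, to = { NULL, 0 };
  return copy_checked(&to, &from);   /* 0: refused instead of crashing */
}
/* Constructed well-formed state: the checked copy is a real deep copy. */
static int checked_copy_deep_copies(void)
{
  char *names[] = { "Kfoo", "Kbar" };
  struct work_stuff from = { names, 2 }, to = { NULL, 0 };
  int ok = copy_checked(&to, &from) && to.numk == 2 && strcmp(to.ktypevec[1], "Kbar") == 0;
  for (int i = 0; i < to.numk; i++) free(to.ktypevec[i]);
  free(to.ktypevec);
  return ok;
}
```

Calling copy_unchecked() on the first constructed state reproduces the NULL dereference the comment describes, which is why only copy_checked() is exercised here.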