From 12be6f12e87abc3e1edd3cc6cdc20334bdd63380 Mon Sep 17 00:00:00 2001
From: Justine Tunney
Date: Thu, 9 May 2024 19:55:45 -0600
Subject: [PATCH] Fix memory corruption in C++ demangler
The __cxa_demangle_gnu3() and cpp_demangle_gnu3() functions segfault on various libcxxabi test cases due to a copy and paste error. This change fixes that. This is a subset of https://github.com/libcxxrt/libcxxrt/pull/34 which fixes the immediate problem.
Reviewed by: imp, emaste (I think)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1222
---
 contrib/elftoolchain/libelftc/libelftc_dem_gnu3.c | 2 +-
 contrib/libcxxrt/libelftc_dem_gnu3.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/contrib/elftoolchain/libelftc/libelftc_dem_gnu3.c b/contrib/elftoolchain/libelftc/libelftc_dem_gnu3.c
index a84ca2649497..223878aa34ea 100644
--- contrib/elftoolchain/libelftc/libelftc_dem_gnu3.c
+++ b/contrib/elftoolchain/libelftc/libelftc_dem_gnu3.c
@@ -2138,7 +2138,7 @@ cpp_demangle_read_sname(struct cpp_demangle_data *ddata)
 assert(ddata->cur_output->size > 0);
 if (vector_read_cmd_find(&ddata->cmd, READ_TMPL) == NULL)
 ddata->last_sname =
- ddata->cur_output->container[ddata->output.size - 1];
+ ddata->cur_output->container[ddata->cur_output->size - 1];
 ddata->cur += len;
diff --git a/contrib/libcxxrt/libelftc_dem_gnu3.c b/contrib/libcxxrt/libelftc_dem_gnu3.c
index e75d1694562e..dbdbd6f2414e 100644
--- a/contrib/libcxxrt/libelftc_dem_gnu3.c
+++ b/contrib/libcxxrt/libelftc_dem_gnu3.c
@@ -2472,7 +2472,7 @@ cpp_demangle_read_sname(struct cpp_demangle_data *ddata)
 assert(ddata->cur_output->size > 0);
 if (vector_read_cmd_find(&ddata->cmd, READ_TMPL) == NULL)
 ddata->last_sname =
- ddata->cur_output->container[ddata->output.size - 1];
+ ddata->cur_output->container[ddata->cur_output->size - 1];
 ddata->cur += len;
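Review bot: The only guard on the corrected index `ddata->cur_output->size - 1` is the `assert(ddata->cur_output->size > 0)` at the top of the hunk, and that check is compiled out when the file is built with NDEBUG. If `size` is an unsigned type (its declaration is not visible here), an empty vector makes the subtraction wrap and `container[...]` is read out of bounds. A demangler is handed symbol names from binaries and crash reports that the caller does not control, so I would turn this into a runtime check such as `if (ddata->cur_output->size == 0) return (0);`, assuming the function uses a 0-on-failure convention; its signature and return statements lie outside the hunk. The same applies to the identical hunk in contrib/libcxxrt/libelftc_dem_gnu3.c. Because the description says libcxxabi test cases triggered the segfault, adding one of those mangled names as a regression test would also help keep the two copies of the file from diverging again.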