libiberty: prevent buffer overflow when decoding user input

libiberty/ * d-demangle.c (dlang_symbol_backref): Ensure strlen of string is less than length computed by dlang_number.
2021-09-23 11:33:47 -04:00 · 2021-09-23 11:33:47 -04:00 · 5481040197
commit 5481040197
parent 43358e91bd
1 changed files with 1 additions and 1 deletions
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@ -381,7 +381,7 @@ dlang_symbol_backref (string *decl, const char *mangled,

  /* Must point to a simple identifier.  */
  backref = dlang_number (backref, &len);
-  if (backref == NULL)
+  if (backref == NULL || strlen(backref) < len)
    return NULL;

  backref = dlang_lname (decl, backref, len);