ld128 demangle: allow space for 'L' suffix.

enh-google · enh-google · commit a7d0b7a786c7 · 2020-08-18T16:14:05.000-07:00
Summary: Caught by HWASAN on arm64 Android (which uses ld128 for long double). This was running the existing fuzzer. The specific minimized fuzz input to reproduce this is: __cxa_demangle("1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE", 0, 0, 0); Reviewers: eugenis, srhines, #libc_abi! Subscribers: kristof.beyls, danielkiss, libcxx-commits Tags: #libc_abi Differential Revision: https://reviews.llvm.org/D77924
diff --git a/libcxxabi/src/demangle/ItaniumDemangle.h b/libcxxabi/src/demangle/ItaniumDemangle.h
@@ -5203,7 +5203,12 @@ struct FloatData<long double>
 #else
     static const size_t mangled_size = 20;  // May need to be adjusted to 16 or 24 on other platforms
 #endif
-    static const size_t max_demangled_size = 40;
+    // `-0x1.ffffffffffffffffffffffffffffp+16383` + 'L' + '\0' == 42 bytes.
+    // 28 'f's * 4 bits == 112 bits, which is the number of mantissa bits.
+    // Negatives are one character longer than positives.
+    // `0x1.` and `p` are constant, and exponents `+16383` and `-16382` are the
+    // same length. 1 sign bit, 112 mantissa bits, and 15 exponent bits == 128.
+    static const size_t max_demangled_size = 42;
     static constexpr const char *spec = "%LaL";
 };
 
diff --git a/libcxxabi/test/test_demangle.pass.cpp b/libcxxabi/test/test_demangle.pass.cpp
@@ -15,6 +15,8 @@
 
 // Is long double fp80?  (Only x87 extended double has 64-bit mantissa)
 #define LDBL_FP80 (__LDBL_MANT_DIG__ == 64)
+// Is long double fp128?
+#define LDBL_FP128 (__LDBL_MANT_DIG__ == 113)
 
 const char* cases[][2] =
 {
@@ -29837,6 +29839,11 @@ struct FPLiteralCase {
         "void test0::h<float>(char (&) [(unsigned int)((sizeof (float)) + (0xap-1L))])",
     }},
 #endif
+#if LDBL_FP128
+    // This was found by libFuzzer+HWASan on aarch64 Android.
+    {"1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE",
+     {"\x6<-0x1.cecececececececececececececep+11983"}},
+#endif
 };
 const unsigned NF = sizeof(fp_literal_cases) / sizeof(fp_literal_cases[0]);
 const unsigned NEF = sizeof(fp_literal_cases[0].expecting) / sizeof(fp_literal_cases[0].expecting[0]);
diff --git a/llvm/include/llvm/Demangle/ItaniumDemangle.h b/llvm/include/llvm/Demangle/ItaniumDemangle.h
@@ -5203,7 +5203,12 @@ struct FloatData<long double>
 #else
     static const size_t mangled_size = 20;  // May need to be adjusted to 16 or 24 on other platforms
 #endif
-    static const size_t max_demangled_size = 40;
+    // `-0x1.ffffffffffffffffffffffffffffp+16383` + 'L' + '\0' == 42 bytes.
+    // 28 'f's * 4 bits == 112 bits, which is the number of mantissa bits.
+    // Negatives are one character longer than positives.
+    // `0x1.` and `p` are constant, and exponents `+16383` and `-16382` are the
+    // same length. 1 sign bit, 112 mantissa bits, and 15 exponent bits == 128.
+    static const size_t max_demangled_size = 42;
     static constexpr const char *spec = "%LaL";
 };
 
