1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <cxxabi.h>
30 #include <gtest/gtest.h>
31 #include <string.h>
32 
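// Regression test that feeds one invalid mangled name to abi::__cxa_demangle
// and checks the result against the known outputs listed below. The test name
// suggests the input came from fuzzing; the number is presumably a bug id.
// The body is only compiled for arm64. On every other architecture it is empty,
// so the test passes without exercising the demangler.
TEST(__cxa_demangle, cxa_demangle_fuzz_152588929) {
#if defined(__aarch64__)
  // Test the C++ demangler on an invalid mangled string. libc++abi currently
  // parses it like so:
  //    (1 "\006") (I (L e "eeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" E) E)
  // There are a few interesting things about this mangled input:
  //  - The IA64 C++ ABI specifies that an FP literal's hex chars are lowercase.
  //    The libc++abi demangler currently accepts uppercase A-F digits, which is
  //    confusing because 'E' is supposed to mark the end of the <expr-primary>.
  //  - libc++abi uses snprintf("%a") which puts an unspecified number of bits
  //    in the digit before the decimal point.
  //  - The identifier name is "\006", and the IA64 C++ ABI spec is explicit
  //    about not specifying the encoding for characters outside of
  //    [_A-Za-z0-9].
  //  - The 'e' type is documented as "long double, __float80", and in practice
  //    the length of the literal depends on the arch. For arm64, it is a
  //    128-bit FP type encoded using 32 hex chars. The situation with x86-64
  //    Android OTOH is messy because Clang uses 'g' for its 128-bit
  //    long double.
  //
  // No output buffer or length is supplied, so a non-null result is a
  // malloc()ed string owned by this test. The status out-parameter is null,
  // so the demangler's status code is not inspected here.
  char* p = abi::__cxa_demangle("1\006ILeeeEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE", nullptr, nullptr,
                                nullptr);

  // Prior to llvm.org/D77924, libc++abi left off the "L>" suffix.
  const bool matches_before_d77924 =
      p && !strcmp(p, "\x6<-0x1.cecececececececececececececep+11983");

  // After llvm.org/D77924, the "L>" suffix is present. libc++abi
  // accepts A-F digits but decodes each using (digit - 'a' + 10), turning 'E'
  // into -18.
  const bool matches_after_d77924 =
      p && !strcmp(p, "\x6<-0x1.cecececececececececececececep+11983L>");

  if (!matches_before_d77924 && !matches_after_d77924) {
    // TODO: Remove the other accepted outputs, because libc++abi probably
    // should reject this input.
    //
    // EXPECT_EQ rather than ASSERT_EQ: a fatal assertion returns from the test
    // body immediately, which would skip the free() below in exactly the case
    // where p holds an unexpected, non-null string.
    EXPECT_EQ(nullptr, p) << p;
  }
  free(p);
#endif
}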
67 
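// Checks that abi::__cxa_demangle rejects this malformed mangled name by
// returning nullptr. The test name suggests the input came from fuzzing; the
// number is presumably a bug id. The DISABLED_ prefix keeps gtest from running
// this test unless disabled tests are explicitly requested. The body is only
// compiled for arm64; elsewhere it is empty and the test passes vacuously.
TEST(__cxa_demangle, DISABLED_cxa_demangle_fuzz_167977068) {
#if defined(__aarch64__)
  // No output buffer or length is supplied, so a non-null result is a
  // malloc()ed string owned by this test. The status out-parameter is null,
  // so the demangler's status code is not inspected here.
  char* p = abi::__cxa_demangle("DTLeeeeeeeeeeeeeeeeeeeeeeeeeEEEEeeEEEE", nullptr, nullptr,
                                nullptr);

  // EXPECT_EQ rather than ASSERT_EQ: a fatal assertion returns from the test
  // body immediately, so the free() below would only ever run with p == nullptr
  // and an unexpectedly demangled string would never be released.
  EXPECT_EQ(nullptr, p) << p;
  free(p);
#endif
}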