by heinrich5991 1526 days ago
> > (for example, the demangler is crash-prone so GDB installs a SEGV handler when invoking it)
>
> Yikes.

Is the demangler part of GDB? It can't be that hard™ to write a parser that doesn't crash, right? ^^


The demangler is part of libiberty (https://en.wikipedia.org/wiki/Libiberty)[1]. It's part of binutils, which GDB is also part of.

[1] you link to it using "-liberty", which is cute.

I tend to agree that a parser really shouldn't crash here! But it does have to cope with arbitrary compilers' name mangling behaviour, which can itself be buggy. So the data it's ingesting can be slightly more "hostile" than I'd have expected.

The most notable occasion I saw the demangler crashing, it was with a SIGSEGV after what looked like unbounded recursive calls into the demangling routines.

The developers I was working with at the time had a demangler of their own, which wasn't crashing on the same mangled symbol name...

Their diagnosis was that the mangled name itself was incorrect due to a compiler bug. Attempting to demangle the name would produce infinite expansion - in libiberty's parser, this meant unbounded recursion. In the alternative implementation it just filled the available buffer and bailed out.

(edit: fixed footnote)

extremely simple fix: limit the recursion depth.
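A sketch of the failure mode and the fix discussed in this thread, as an added example that is not libiberty's code: a toy demangler with a substitution table, where a self-referencing back-reference like the one a buggy compiler might emit would otherwise recurse without bound, and a recursion-depth check (plus a bounded output buffer, as in the other implementation mentioned above) turns that into a clean error. The mangling grammar, the `demangle` function and the sample names are constructed for illustration only.

```c
#include <ctype.h>
#include <string.h>
/* Toy mangling, constructed for this example (not the Itanium ABI):
   type := 'P' type | 'S' <digit> '_' | <lowercase letter>; a name is a run of types.
   S<d>_ re-expands the d-th top-level type, like a demangler's substitution table,
   so a buggy compiler that emits "PS0_" as type 0 produces a self-reference. */
#define MAX_DEPTH 64
#define MAX_TYPES 10
struct ctx {
    const char *name, *comp[MAX_TYPES];   /* input; start of each top-level type */
    int ncomp; char out[256]; size_t outlen;   /* bounded output buffer */
};
static int emit(struct ctx *c, const char *s, size_t n) {
    if (c->outlen + n >= sizeof c->out) return -1;   /* buffer full: bail out */
    memcpy(c->out + c->outlen, s, n); c->outlen += n; c->out[c->outlen] = '\0';
    return 0;
}
/* Returns the index just past the parsed type, or -1 on bad syntax, a full
   output buffer, or recursion deeper than MAX_DEPTH. */
static int parse_type(struct ctx *c, int pos, int depth) {
    const char *s = c->name;
    if (depth > MAX_DEPTH) return -1;   /* the depth limit: a cycle fails cleanly */
    if (s[pos] == 'P') {
        int end = parse_type(c, pos + 1, depth + 1);
        return (end < 0 || emit(c, "*", 1) < 0) ? -1 : end;
    }
    if (s[pos] == 'S' && isdigit((unsigned char)s[pos + 1]) && s[pos + 2] == '_') {
        int k = s[pos + 1] - '0';
        if (k >= c->ncomp) return -1;   /* reference to a type not seen yet */
        return parse_type(c, (int)(c->comp[k] - s), depth + 1) < 0 ? -1 : pos + 3;
    }
    if (islower((unsigned char)s[pos]))
        return emit(c, s + pos, 1) < 0 ? -1 : pos + 1;
    return -1;
}
/* Demangles name into out (size outsz); returns 0 on success, -1 on failure. */
int demangle(const char *name, char *out, size_t outsz) {
    struct ctx c; int pos = 0;
    memset(&c, 0, sizeof c); c.name = name;
    while (name[pos] != '\0') {
        if (c.ncomp == MAX_TYPES) return -1;
        c.comp[c.ncomp++] = name + pos;   /* recorded before parsing, as real tables are */
        if (c.ncomp > 1 && emit(&c, ", ", 2) < 0) return -1;
        if ((pos = parse_type(&c, pos, 0)) < 0) return -1;
    }
    if (c.outlen >= outsz) return -1;
    memcpy(out, c.out, c.outlen + 1);
    return 0;
}
```

With the depth check removed, `demangle("PS0_", ...)` recurses until the stack is exhausted, which is the SIGSEGV described above; with it, the call simply returns -1.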