From 8b8f7f355bf7dfe0b83538c0fcd6f678c7c15dca Mon Sep 17 00:00:00 2001
From: Giovanni <561184+wargio@users.noreply.github.com>
Date: Sun, 12 Nov 2023 19:58:08 +0800
Subject: [PATCH] Use snprintf and add extra check on invalid hex values. (#61)
---
 src/gnu_v2/cplus-dem.c | 17 +++++++++++------
 test/test_cxx_gnu_v2.c | 1 +
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/gnu_v2/cplus-dem.c b/src/gnu_v2/cplus-dem.c
index 7ef3f64..c63a505 100644
--- a/src/gnu_v2/cplus-dem.c
+++ b/src/gnu_v2/cplus-dem.c
@@ -1187,7 +1187,7 @@ type_kind_t tk;
 string_append(s, work->tmpl_argvec[idx]);
 else {
 char buf[10];
- sprintf(buf, "T%d", idx);
+ snprintf(buf, sizeof(buf), "T%d", idx);
 string_append(s, buf);
 }
 } else if (tk == tk_integral)
@@ -1328,7 +1328,7 @@ int remember;
 string_append(trawname, work->tmpl_argvec[idx]);
 } else {
 char buf[10];
- sprintf(buf, "T%d", idx);
+ snprintf(buf, sizeof(buf), "T%d", idx);
 string_append(tname, buf);
 if (trawname)
 string_append(trawname, buf);
@@ -2056,7 +2056,7 @@ string *declp;
 if (method) {
 char buf[50];
- sprintf(buf, "virtual function thunk (delta:%d) for ", -delta);
+ snprintf(buf, sizeof(buf), "virtual function thunk (delta:%d) for ", -delta);
 string_append(declp, buf);
 string_append(declp, method);
 free(method);
@@ -2689,7 +2689,7 @@ string *result;
 string_append(result, work->tmpl_argvec[idx]);
 else {
 char buf[10];
- sprintf(buf, "T%d", idx);
+ snprintf(buf, sizeof(buf), "T%d", idx);
 string_append(result, buf);
 }
@@ -2863,8 +2863,9 @@ string *result;
 (*mangled)++;
 for (i = 0;
 i < sizeof(buf) - 1 && **mangled && **mangled != '_';
- (*mangled)++, i++)
+ (*mangled)++, i++) {
 buf[i] = **mangled;
+ }
 if (**mangled != '_') {
 success = 0;
 break;
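Review bot: The return value of `snprintf(buf, sizeof(buf), "T%d", idx)` is not checked, so where the old `sprintf` could write past `buf[10]`, the new call truncates silently and `string_append` receives a shortened placeholder name. `T` followed by nine or more characters of `idx` no longer fits in ten bytes; whether `idx` is bounded before this point is not visible in the hunk. Sizing the buffer for any 32-bit int removes the case without an error path: `char buf[16];`. The same pattern is in the hunks at -1328 and -2689, and the enclosing functions start and end outside these hunks.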
@@ -2877,7 +2878,11 @@ string *result;
 *mangled += min(strlen(*mangled), 2);
 }
 sscanf(buf, "%x", &dec);
- sprintf(buf, "int%i_t", dec);
+ if (dec > 64 || dec < 8) {
+ success = 0;
+ break;
+ }
+ snprintf(buf, sizeof(buf), "int%i_t", dec);
 APPEND_BLANK(result);
 string_append(result, buf);
 break;
diff --git a/test/test_cxx_gnu_v2.c b/test/test_cxx_gnu_v2.c
index b05df10..679fd7b 100644
--- a/test/test_cxx_gnu_v2.c
+++ b/test/test_cxx_gnu_v2.c
@@ -20,6 +20,7 @@ mu_demangle_tests(gnu_v2,
 mu_demangle_test("foo__1Ai", "A::foo(int)"),
 mu_demangle_test("foo__1Afe", "A::foo(float,...)"),
 mu_demangle_test("_AddColor__10ZafDisplayUcUcUcUcUc", "ZafDisplay::_AddColor(unsigned char, unsigned char, unsigned char, unsigned char, unsigned char)"),
+ mu_demangle_test("I_EEEEET_PNS0_7IsolateENS0_7Runtime10FunctionIdEPKNS2_16TSCallDescriptorENS2_7OpIndexESU_RKT0_", NULL),
 // end
 );
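Review bot: The result of `sscanf(buf, "%x", &dec)` is still unchecked, so when `buf` does not begin with a hex digit the call returns 0, `dec` is left unmodified, and the new range check runs on whatever `dec` held before (its declaration and initialisation are outside the hunk). Folding the conversion result into the guard closes that gap: `if (sscanf(buf, "%x", &dec) != 1 || dec > 64 || dec < 8) {`. Separately, `%x` stores through an `unsigned int *` while `%i` and `dec < 8` read the value as signed; if `dec` is declared `int`, the scan and print specifiers should be made to agree with its type. The enclosing function starts and ends outside the hunk.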
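Review bot: The added negative case carries no label, so a reader of test/test_cxx_gnu_v2.c cannot tell which check it pins; a comment on the line above it such as `// regression (#61): invalid hex width must make demangling fail` would document that. It also exercises a single rejected input, presumably the one from the report. Cases on each side of the 8 and 64 bounds introduced in src/gnu_v2/cplus-dem.c would pin the accepted range itself, so a later change to those limits is caught by the suite.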