When calling the C++ demangler, make sure to free the returned buffer,

which might have been reallocated.

Pointed out by:	stefanf

1 files changed, 24 insertions, 6 deletions

diff --git a/lib/libproc/proc_sym.c b/lib/libproc/proc_sym.c
index 0940df8..4bef7f0 100644
--- a/lib/libproc/proc_sym.c
+++ b/lib/libproc/proc_sym.c
@@ -51,6 +51,26 @@ extern char *__cxa_demangle(const char *, char *, size_t *, int *);
 static void	proc_rdl2prmap(rd_loadobj_t *, prmap_t *);
 
 static void
+demangle(const char *symbol, char *buf, size_t len)
+{
+	char *dembuf;
+	size_t demlen = len;
+
+	dembuf = malloc(len);
+	if (!dembuf)
+		goto fail;
+	dembuf = __cxa_demangle(symbol, dembuf, &demlen, NULL);
+	if (!dembuf)
+		goto fail;
+	strlcpy(buf, dembuf, len);
+	free(dembuf);
+
+	return;
+fail:
+	strlcpy(buf, symbol, len);
+}
+
+static void
 proc_rdl2prmap(rd_loadobj_t *rdl, prmap_t *map)
 {
 	map->pr_vaddr = rdl->rdl_saddr;
@@ -268,9 +288,8 @@ proc_addr2sym(struct proc_handle *p, uintptr_t addr, char *name,
 		if (addr >= rsym && addr <= (rsym + sym.st_size)) {
 			s = elf_strptr(e, dynsymstridx, sym.st_name);
 			if (s) {
-				if (strlen(s) > 2 && 
-				    s[0] == '_' && s[1] == 'Z')
-					__cxa_demangle(s, name, &namesz, NULL);
+				if (s[0] == '_' && s[1] == 'Z' && s[2])
+					demangle(s, name, namesz);
 				else
 					strlcpy(name, s, namesz);
 				memcpy(symcopy, &sym, sizeof(sym));
@@ -308,9 +327,8 @@ symtab:
 		if (addr >= rsym && addr <= (rsym + sym.st_size)) {
 			s = elf_strptr(e, symtabstridx, sym.st_name);
 			if (s) {
-				if (strlen(s) > 2 && 
-				    s[0] == '_' && s[1] == 'Z')
-					__cxa_demangle(s, name, &namesz, NULL);
+				if (s[0] == '_' && s[1] == 'Z' && s[2])
+					demangle(s, name, namesz);
 				else
 					strlcpy(name, s, namesz);
 				memcpy(symcopy, &sym, sizeof(sym));