Fix bug found by fuzzer. Also, add the demangle fuzzer code. Test: Ran fuzzer, ran new unit tests. Change-Id: If3e15e10af88b81602a8a0f0bfe071a015f6000b

commit: 15d2e42cebeedca47ed9add363bbf70df56d1e2c [log] [tgz]
author: Christopher Ferris <cferris@google.com> Wed May 31 14:40:15 2017 -0700
committer: Christopher Ferris <cferris@google.com> Wed May 31 17:54:19 2017 -0700
tree: 779d32e2283f80d5fbc8f1c9f00e930f41229992
parent: b46fd68653131d276ccb23ba7790640c6a9c1c7d [diff] [blame]
diff --git a/demangle/Demangler.cpp b/demangle/Demangler.cpp
index 77cfd3b..1b7406d 100644
--- a/demangle/Demangler.cpp
+++ b/demangle/Demangler.cpp

@@ -542,9 +542,8 @@
     } else {
       suffix = " volatile";
     }
-    if (name[-1] == 'K' || name[-1] == 'V') {
+    if (!cur_state_.suffixes.empty() && (name[-1] == 'K' || name[-1] == 'V')) {
       // Special case, const/volatile apply as a single entity.
-      assert(!cur_state_.suffixes.empty());
       size_t index = cur_state_.suffixes.size();
       cur_state_.suffixes[index-1].insert(0, suffix);
     } else {
@@ -723,7 +722,8 @@
       && static_cast<size_t>(cur_name - name) < max_length) {
     cur_name = (this->*parse_func_)(cur_name);
   }
-  if (cur_name == nullptr || *cur_name != '\0' || function_name_.empty()) {
+  if (cur_name == nullptr || *cur_name != '\0' || function_name_.empty() ||
+      !cur_state_.suffixes.empty()) {
     return name;
   }
commit	15d2e42cebeedca47ed9add363bbf70df56d1e2c	[log] [tgz]
author	Christopher Ferris <cferris@google.com>	Wed May 31 14:40:15 2017 -0700
committer	Christopher Ferris <cferris@google.com>	Wed May 31 17:54:19 2017 -0700
tree	779d32e2283f80d5fbc8f1c9f00e930f41229992
parent	b46fd68653131d276ccb23ba7790640c6a9c1c7d [diff] [blame]