authorErik Pilkington <erik.pilkington@gmail.com>2018-07-28 04:06:30 +0000
committerErik Pilkington <erik.pilkington@gmail.com>2018-07-28 04:06:30 +0000
commitdada806d0626ebb04b87c03a777808ea6b7333e7 (patch)
tree55915c7054094ba973eb58c63d82bf7b1d3fc515 /libcxxabi
parentf2425811a44727981eee63d7c05c4d947c966a52 (diff)
[demangler] Fix an oss-fuzz bug from r338138
Stack overflow on invalid input. While collapsing references, we were skipping over a cycle check in ForwardTemplateReference, leading to a stack overflow. This commit fixes the problem by duplicating the cycle check in ReferenceType.
Diffstat (limited to 'libcxxabi')
-rw-r--r--libcxxabi/src/cxa_demangle.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/libcxxabi/src/cxa_demangle.cpp b/libcxxabi/src/cxa_demangle.cpp
index 08a2b2bf646..1007d7efaef 100644
--- a/libcxxabi/src/cxa_demangle.cpp
+++ b/libcxxabi/src/cxa_demangle.cpp
@@ -461,6 +461,8 @@ class ReferenceType : public Node {
const Node *Pointee;
ReferenceKind RK;
+ mutable bool Printing = false;
+
// Dig through any refs to refs, collapsing the ReferenceTypes as we go. The
// rule here is rvalue ref to rvalue ref collapses to a rvalue ref, and any
// other combination collapses to a lvalue ref.
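Review bot: `Printing` is declared without a comment, so nothing at the declaration says it is a re-entrancy flag rather than part of the node's state. I would add `// True while printLeft/printRight is running on this node; re-entry means the reference chain is cyclic (invalid input).` directly above it. Because the member is `mutable` and written from `const` print methods, printing the same node tree from two threads at once would race on it; the comment should say whether that is ever expected. The class body starts and ends outside this hunk.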
@@ -487,6 +489,9 @@ public:
}
void printLeft(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
Collapsed.second->printLeft(s);
if (Collapsed.second->hasArray(s))
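Review bot: The `Printing` guard in `printLeft` only stops re-entry into the print methods; `collapse(s)` still runs on the first entry and, going by its comment in the first hunk, digs through refs-to-refs on its own. If that walk is a loop over `Pointee`, a cyclic reference chain could make it spin forever on the same kind of malformed name instead of overflowing the stack. The body of `collapse` is outside these hunks, so this needs checking there; a visited check or a bound on the walk would cover it. The same applies to the `collapse(s)` call in `printRight` in the next hunk, and `printLeft` itself continues past the end of this hunk.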
@@ -497,6 +502,9 @@ public:
s += (Collapsed.first == ReferenceKind::LValue ? "&" : "&&");
}
void printRight(OutputStream &s) const override {
+ if (Printing)
+ return;
+ SwapAndRestore<bool> SavePrinting(Printing, true);
std::pair<ReferenceKind, const Node *> Collapsed = collapse(s);
if (Collapsed.second->hasArray(s) || Collapsed.second->hasFunction(s))
s += ")";
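Review bot: No regression test accompanies the guard added to `printRight` and `printLeft`: the diffstat lists only `cxa_demangle.cpp` under libcxxabi, so the mangled name that oss-fuzz reported is not pinned anywhere visible here. Adding that input to the demangler's invalid-name test cases would stop the cycle check from being lost in a later refactor. Separately, the early `return` emits nothing, so a caller may receive a truncated string for a malformed name rather than a failure; whether the demangler reports an error in that case cannot be told from this hunk. `printRight` continues outside the hunk.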