Kyle Huey

Results 284 comments of Kyle Huey

I fixed C++ reference collapsing which is the last non-style bug remaining in this report. The only remaining discrepancies between us and libiberty here are `0ul` vs `(unsigned long)0` and...

Thanks. The non-reproducible crashes may be memory exhaustion. afl limits the fuzzee to a relatively low amount of memory (I think 50MB) and the inputs might blow past that.

I think a more useful thing would be to limit cpp_demangle's memory usage when you rerun the crashes afl produced and see if they become reproducible.

It would be tough without switching to something like a pre-reserved arena that we could allocate from during the stack walk.

I took a quick look at this. The demangler does use Box, Vec, and String, so it does need the ability to allocate. Box and Vec have configurable allocators so...

Demangling C++ symbols at a minimum requires a variable-size substitution table that depends on the symbol parsed, so there's no way to demangle them without obtaining memory from either...

The ultimate source of this construct appears to be itanium-cxx-abi/cxx-abi#85.

One thing that's a bit tricky here is I believe these template parameters can be used as substitutions later (see https://github.com/llvm/llvm-project/blob/847299d3f00507f172097bad9dde61dfad0d355b/llvm/include/llvm/Demangle/ItaniumDemangle.h#L5397). We may need to implement `ArgScope` for `ClosureTypeName` or...

Templated lambdas (#209) are the big piece left here I believe.

I'll probably do another minor release before that happens, then.