Date: Wed, 1 Feb 2023 22:29:14 +1030
From: Alan Modra
To: Jan Beulich
Cc: binutils@sourceware.org
Subject: Re: Recursion in as_info_where

On Wed, Feb 01, 2023 at 10:24:25AM +0100, Jan Beulich wrote:
> On 01.02.2023 07:36, Alan Modra via Binutils wrote:
> > This function has a gas_assert, ie. possible call to as_abort, which
> > calls as_report_context, which calls as_info_where. Attached fuzzer
> > testcase managed to trigger a stack overflow.
> >
> > * messages.c (as_info_where): Don't gas_assert.
> >
> > diff --git a/gas/messages.c b/gas/messages.c > > index 0db075d779c..7c018acf69f 100644 > > --- a/gas/messages.c > > +++ b/gas/messages.c 
> > @@ -141,8 +141,6 @@ as_info_where (const char *file, unsigned int line, unsigned int indent, > > va_list args; > > char buffer[2000]; > > > > - gas_assert (file != NULL && line > 0 && indent <= INT_MAX);
>
> If this got in the way, isn't it that the assertion actually triggered?
> In which case shouldn't the cause for it triggering be addressed
> instead, to avoid subsequent knock-on damage (e.g. from de-referencing
> "file")? (I may want to play with the testcase a little myself.)

The testcase is really weird, something that no programmer would ever
write. It failed the assert with line == 0. I'll let you discover
the horrible "# line file" with embedded \0 that gets you there. :-)
I'm not motivated to fix that sort of insanity.

--
Alan Modra
Australia Development Lab, IBM
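
Review bot: The removed gas_assert line in as_info_where dropped three conditions at once, but only line > 0 is reported as failing (line == 0); file != NULL and indent <= INT_MAX are now unchecked with nothing put in their place. Since as_abort reaches as_info_where again through as_report_context, an assert cannot stay here, but a non-asserting guard could, for example substituting a placeholder name or returning early when file is NULL and clamping indent to INT_MAX. A short comment at this spot saying that gas_assert must not be used in this function because of that call chain would also keep the check from being reintroduced later.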