public inbox for gcc-bugs@sourceware.org
* [Bug demangler/104186] New: Stack overflow in demangle_type() -> print_str() in libiberty/rust-demangle.c:869, cxxfilt
@ 2022-01-22 15:20 sanjayr at ymail dot com
2022-01-22 17:54 ` [Bug demangler/104186] " pinskia at gcc dot gnu.org
0 siblings, 1 reply; 2+ messages in thread
From: sanjayr at ymail dot com @ 2022-01-22 15:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104186
Bug ID: 104186
Summary: Stack overflow in demangle_type() -> print_str() in
libiberty/rust-demangle.c:869, cxxfilt
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: demangler
Assignee: unassigned at gcc dot gnu.org
Reporter: sanjayr at ymail dot com
Target Milestone: ---
Created attachment 52268
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52268&action=edit
Commandline input for the crash (cxxfilt < PoV)
Hello,
While evaluating our new fuzzer on cxxfilt, we found several stack overflows in
libiberty/rust-demangle.c. This issue is specific to a stack overflow in
demangle_type(), which internally called a macro PRINT() that unfolds into a
call to print_str(). It looks like the copy operation in this function does
not check buf length properly.
We compiled the utility (binutils cxxfilt) with ASAN.
Commandline: cxxfilt < input_file (PoV that is attached)
ASan output:
===================================
status: 1
sanitizer: ASAN
error class: stack-overflow
location: __interceptor_strlen.part.0 in
/home/xyzz/build/llvm_tools/llvm-11.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:370:31
backtrace:
#0 46ec57 __interceptor_strlen.part.0 in
/home/xyzz/build/llvm_tools/llvm-11.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:370:31
#1 857cb1 demangle_type in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:869:7
#3 853d83 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:747:7
#4 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#5 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#6 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#7 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#8 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#9 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#10 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#11 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#12 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#13 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#14 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#15 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#16 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#17 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#18 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#19 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#20 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#21 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#22 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#23 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#24 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#25 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#26 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#27 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#28 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
#29 8542e4 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:774:11
#30 853e11 demangle_path in
/home/xyzz/MyProject/remote_fuzz_suite/target_src/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:751:11
.....
.......
==================================
^ permalink raw reply [flat|nested] 2+ messages in thread
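An added triage sketch, not part of the original report or of libiberty: ASan's `stack-overflow` error class denotes stack exhaustion (as distinct from `stack-buffer-overflow`), and the backtrace above repeats `demangle_path` frames at lines 751 and 774. The script checks a report in this wrapped format for such a repeating frame cycle; the sample report is constructed from the frame pattern above with shortened paths, and the names `parse_frames`, `find_cycle`, `triage` and `constructed_report` are hypothetical.

```python
import re
from os.path import basename

# "#N addr function in <path>:line[:col]"; \s+ also spans the wrapped line break.
FRAME_RE = re.compile(
    r"#(\d+)\s+[0-9a-f]+\s+(\S+)\s+in\s+(\S+?):(\d+)(?::\d+)?")

def parse_frames(report):
    """Return [(function, file, line)] in frame order."""
    return [(m.group(2), basename(m.group(3)), int(m.group(4)))
            for m in FRAME_RE.finditer(report)]

def find_cycle(frames, min_repeats=3):
    """Smallest unit that repeats min_repeats times at the deep end, or None."""
    for period in range(1, len(frames) // min_repeats + 1):
        tail = frames[-period * min_repeats:]
        if all(tail[i] == tail[i + period] for i in range(len(tail) - period)):
            return frames[-period:]
    return None

def triage(report):
    """Label a report as recursion exhaustion only if class and cycle agree."""
    m = re.search(r"error class:\s*(\S+)", report)
    error_class = m.group(1) if m else None
    cycle = find_cycle(parse_frames(report))
    recursion = error_class == "stack-overflow" and cycle is not None
    return {"error_class": error_class, "cycle": cycle,
            "verdict": "recursion-exhaustion" if recursion else "manual-review"}

def constructed_report():
    """Constructed sample: frame pattern from the report, shortened paths."""
    src = "/src/libiberty/rust-demangle.c"
    head = ("error class: stack-overflow\nbacktrace:\n"
            "#0 46ec57 __interceptor_strlen.part.0 in\n"
            "/src/asan/sanitizer_common_interceptors.inc:370:31\n"
            f"#1 857cb1 demangle_type in\n{src}:869:7\n"
            f"#3 853d83 demangle_path in\n{src}:747:7\n")
    body = "".join(
        f"#{n} {'8542e4' if n % 3 == 2 else '853e11'} demangle_path in\n"
        f"{src}:{774 if n % 3 == 2 else 751}:11\n"
        for n in range(4, 31))
    return head + body

if __name__ == "__main__":
    result = triage(constructed_report())
    print(result["verdict"])
    for func, path, line in result["cycle"] or []:
        print(f"  {func} at {path}:{line}")
```

A `recursion-exhaustion` verdict points triage at the recursive call sites in the cycle rather than at the innermost frame where the stack finally ran out.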
* [Bug demangler/104186] Stack overflow in demangle_type() -> print_str() in libiberty/rust-demangle.c:869, cxxfilt
2022-01-22 15:20 [Bug demangler/104186] New: Stack overflow in demangle_type() -> print_str() in libiberty/rust-demangle.c:869, cxxfilt sanjayr at ymail dot com
@ 2022-01-22 17:54 ` pinskia at gcc dot gnu.org
0 siblings, 0 replies; 2+ messages in thread
From: pinskia at gcc dot gnu.org @ 2022-01-22 17:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104186
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 99935.
*** This bug has been marked as a duplicate of bug 99935 ***
^ permalink raw reply [flat|nested] 2+ messages in thread