public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c @ 2022-10-01 2:30 bjchan9an at foxmail dot com 2022-10-03 19:44 ` [Bug demangler/107108] " pinskia at gcc dot gnu.org ` (4 more replies) 0 siblings, 5 replies; 6+ messages in thread From: bjchan9an at foxmail dot com @ 2022-10-01 2:30 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 Bug ID: 107108 Summary: Uncontrolled stack recursion in rust-demangler.c Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: demangler Assignee: unassigned at gcc dot gnu.org Reporter: bjchan9an at foxmail dot com Target Milestone: --- Created attachment 53647 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53647&action=edit nm-new poc file There is an uncontrolled stack recursion vulnerability in libiberty/rust-demangle.c in binutils-2.38, which allows stack consumption in demangle_path_maybe_open_generics(). To reproduce this bug, build the binutils-2.38 release, use the poc file in attachments and run the following commands: ``` nm-new -C ./poc ``` The gdb crash trace is as follows: ``` Program received signal SIGSEGV, Segmentation fault. 0x00000000005f2a2d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1087 1087 backref = parse_integer_62 (rdm); (gdb) bt #0 0x00000000005f2a2d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1087 #1 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #2 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #3 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #4 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #5 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #6 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #7 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #8 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #9 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #10 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #11 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 #12 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092 ``` ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com @ 2022-10-03 19:44 ` pinskia at gcc dot gnu.org 2022-10-03 19:45 ` pinskia at gcc dot gnu.org ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2022-10-03 19:44 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 --- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Can you provided the undemangle symbol. Maybe you could use c++filt to show the issue instead of nm? ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com 2022-10-03 19:44 ` [Bug demangler/107108] " pinskia at gcc dot gnu.org @ 2022-10-03 19:45 ` pinskia at gcc dot gnu.org 2022-10-03 19:46 ` pinskia at gcc dot gnu.org ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2022-10-03 19:45 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://gcc.gnu.org/bugzill | |a/show_bug.cgi?id=98886 --- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Plus it might be already fixed. See PR 98886. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com 2022-10-03 19:44 ` [Bug demangler/107108] " pinskia at gcc dot gnu.org 2022-10-03 19:45 ` pinskia at gcc dot gnu.org @ 2022-10-03 19:46 ` pinskia at gcc dot gnu.org 2022-10-04 14:24 ` bjchan9an at foxmail dot com 2022-10-04 17:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2022-10-03 19:46 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 --- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Can you try binutils 2.39? ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com ` (2 preceding siblings ...) 2022-10-03 19:46 ` pinskia at gcc dot gnu.org @ 2022-10-04 14:24 ` bjchan9an at foxmail dot com 2022-10-04 17:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: bjchan9an at foxmail dot com @ 2022-10-04 14:24 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 --- Comment #4 from bjchan9an at foxmail dot com --- (In reply to Andrew Pinski from comment #3) > Can you try binutils 2.39? Yes, this bug has been repaired in binutils 2.39. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com ` (3 preceding siblings ...) 2022-10-04 14:24 ` bjchan9an at foxmail dot com @ 2022-10-04 17:02 ` pinskia at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: pinskia at gcc dot gnu.org @ 2022-10-04 17:02 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108 Andrew Pinski <pinskia at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED --- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> --- Dup of bug 98886 then. *** This bug has been marked as a duplicate of bug 98886 *** ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-10-04 17:02 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-10-01 2:30 [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c bjchan9an at foxmail dot com 2022-10-03 19:44 ` [Bug demangler/107108] " pinskia at gcc dot gnu.org 2022-10-03 19:45 ` pinskia at gcc dot gnu.org 2022-10-03 19:46 ` pinskia at gcc dot gnu.org 2022-10-04 14:24 ` bjchan9an at foxmail dot com 2022-10-04 17:02 ` pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).