public inbox for gcc-bugs@sourceware.org
* [Bug demangler/107108] New: Uncontrolled stack recursion in rust-demangler.c
@ 2022-10-01  2:30 bjchan9an at foxmail dot com
  2022-10-03 19:44 ` [Bug demangler/107108] " pinskia at gcc dot gnu.org
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: bjchan9an at foxmail dot com @ 2022-10-01  2:30 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

            Bug ID: 107108
           Summary: Uncontrolled stack recursion in rust-demangler.c
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bjchan9an at foxmail dot com
  Target Milestone: ---

Created attachment 53647
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53647&action=edit
nm-new poc file

There is an uncontrolled stack recursion vulnerability in
libiberty/rust-demangle.c in binutils-2.38, which allows stack consumption in
demangle_path_maybe_open_generics().

To reproduce this bug, build the binutils-2.38 release, use the poc file in
attachments and run the following commands:

```
nm-new -C ./poc
```


The gdb crash trace is as follows:
```
Program received signal SIGSEGV, Segmentation fault.
0x00000000005f2a2d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1087
1087          backref = parse_integer_62 (rdm);
(gdb) bt
#0  0x00000000005f2a2d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1087
#1  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#2  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#3  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#4  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#5  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#6  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#7  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#8  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#9  0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#10 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#11 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
#12 0x00000000005f2a6d in demangle_path_maybe_open_generics (rdm=0x7fffffffe0b8) at ../../libiberty/rust-demangle.c:1092
```
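
An added illustration, not part of the original report and not the libiberty code: a toy recursive-descent parser with a back-reference production like the one the trace shows recursing, guarded by a depth cap so a self-referencing symbol is rejected instead of exhausting the stack. The grammar, `MAX_DEPTH` and `demangle_ok` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Toy grammar, constructed for this example (not Rust v0 mangling):
     path := 'I' <a-z>    identifier leaf
           | 'B' <0-9>    back-reference: parse the path at that offset */
#define MAX_DEPTH 64      /* assumed cap, sized to the stack budget */

struct parser {
  const char *sym;
  size_t len, next;
  unsigned depth;
  int errored;
};

static void parse_path(struct parser *p)
{
  if (p->depth >= MAX_DEPTH || p->next + 1 >= p->len) {
    p->errored = 1;       /* too deep or truncated: fail cleanly */
    return;
  }
  p->depth++;
  char tag = p->sym[p->next++];
  char arg = p->sym[p->next++];
  if (tag == 'B' && arg >= '0' && arg <= '9') {
    size_t saved = p->next;
    p->next = (size_t)(arg - '0');  /* jump to the referenced offset */
    parse_path(p);                  /* unbounded without the cap above */
    p->next = saved;
  } else if (!(tag == 'I' && arg >= 'a' && arg <= 'z')) {
    p->errored = 1;
  }
  p->depth--;
}

/* Returns 1 if the symbol parses, 0 if malformed or nested too deep. */
int demangle_ok(const char *sym)
{
  struct parser p = { sym, strlen(sym), 0, 0, 0 };
  parse_path(&p);
  return !p.errored;
}

int main(void)
{
  printf("%d %d %d\n", demangle_ok("B2Ia"), demangle_ok("B0"), demangle_ok("B2B0"));
  return 0;
}
```

The constructed inputs `B0` (a back-reference to itself) and `B2B0` (a two-step cycle) would recurse without bound if the depth check were removed; with it, both are rejected.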


* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c
From: pinskia at gcc dot gnu.org @ 2022-10-03 19:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Can you provide the undemangled symbol? Maybe you could use c++filt to show the
issue instead of nm?


* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c
From: pinskia at gcc dot gnu.org @ 2022-10-03 19:45 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98886

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Plus it might be already fixed. See PR 98886.


* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c
From: pinskia at gcc dot gnu.org @ 2022-10-03 19:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

--- Comment #3 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Can you try binutils 2.39?


* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c
From: bjchan9an at foxmail dot com @ 2022-10-04 14:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

--- Comment #4 from bjchan9an at foxmail dot com ---
(In reply to Andrew Pinski from comment #3)
> Can you try binutils 2.39?

Yes, this bug has been repaired in binutils 2.39.


* [Bug demangler/107108] Uncontrolled stack recursion in rust-demangler.c
From: pinskia at gcc dot gnu.org @ 2022-10-04 17:02 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107108

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 98886 then.

*** This bug has been marked as a duplicate of bug 98886 ***
