* [Bug demangler/98916] New: stack overflow in cxxfilt, str_buf_reserve, rust-demangle.c:1432
@ 2021-02-01 11:50 featherrain26 at gmail dot com
From: featherrain26 at gmail dot com @ 2021-02-01 11:50 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98916

            Bug ID: 98916
           Summary: stack overflow in cxxfilt, str_buf_reserve,
                    rust-demangle.c:1432
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: featherrain26 at gmail dot com
  Target Milestone: ---

Created attachment 50107
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50107&action=edit
POC

Hi there.

There is a stack overflow in the newest version (2eda57ef) of cxxfilt,
rust-demangle.c:1432, related to path demangling, which directly causes a
segmentation fault.

System information:
Description:    Ubuntu 16.04.6 LTS
Release:        16.04
Codename:       xenial
gcc version:    5.4

To reproduce, the compile flag is:
CFLAGS="-g -O0 -fsanitize=address" ./configure;make

then run
cxxfilt < poc

Here is the trace reported by ASAN:
==6400==ERROR: AddressSanitizer: stack-overflow on address 0x7ffedc582fe8 (pc 0x000000969e78 bp 0x7ffedcd81750 sp 0x7ffedc582fe8 T0)
    #0 0x969e77 in str_buf_reserve ../../libiberty/rust-demangle.c:1432
    #1 0x969e77 in str_buf_append ../../libiberty/rust-demangle.c:1486
    #2 0x969e77 in str_buf_demangle_callback ../../libiberty/rust-demangle.c:1497
    #3 0x7ffedcd8174f  (<unknown module>)

SUMMARY: AddressSanitizer: stack-overflow ../../libiberty/rust-demangle.c:1432 str_buf_reserve
==6400==ABORTING

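AddressSanitizer's "stack-overflow" report means the thread's stack was exhausted, not that a buffer was overrun; in a recursive-descent demangler the usual cause is nested input that drives recursion deeper than the stack can hold, and the usual mitigation is a recursion budget checked on every descent. The following is an added example written for this thread, not code from libiberty or from the reporter: a toy parser for a constructed nested-path grammar (`path := ident | 'N' path 'E'`) with a depth guard, so that a million-level nesting fails cleanly with an error code instead of a crash. The grammar, the `MAX_DEPTH` value and all function names are assumptions made for the example.

```c
/* Added example, not libiberty's rust-demangle.c: a toy recursive-descent
 * parser for nested mangled paths with a recursion-depth guard.
 * Constructed grammar:  path := ident | 'N' path 'E'
 * Each 'N' opens one nesting level.  Without the guard, an input of a few
 * hundred thousand 'N's recurses until the stack is exhausted, which is
 * exactly what AddressSanitizer reports as "stack-overflow". */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Budget chosen for the example; a real demangler picks a value that fits
 * comfortably in the smallest thread stack it must run on. Allows up to
 * MAX_DEPTH - 1 levels of 'N' nesting. */
#define MAX_DEPTH 256

enum { DM_OK = 0, DM_MALFORMED = -1, DM_TOO_DEEP = -2 };

struct parser {
    const char *cur;   /* next unread byte of the mangled string */
    int depth;         /* current recursion depth */
};

/* Parses one path. Returns its nesting level (0 for a bare identifier) or a
 * negative DM_* code. Every recursive entry is charged against the budget
 * before anything else happens, so the check cannot be bypassed. */
static int parse_path(struct parser *ps)
{
    if (ps->depth >= MAX_DEPTH)
        return DM_TOO_DEEP;
    ps->depth++;

    int result;
    if (*ps->cur == 'N') {
        ps->cur++;
        int inner = parse_path(ps);
        if (inner < 0)
            result = inner;                 /* propagate the error unchanged */
        else if (*ps->cur != 'E')
            result = DM_MALFORMED;          /* missing terminator */
        else {
            ps->cur++;
            result = inner + 1;
        }
    } else {
        /* ident := [a-z]+ */
        const char *start = ps->cur;
        while (*ps->cur >= 'a' && *ps->cur <= 'z')
            ps->cur++;
        result = (ps->cur == start) ? DM_MALFORMED : 0;
    }

    ps->depth--;
    return result;
}

/* Entry point: on success returns DM_OK and stores the nesting level in
 * *nesting; otherwise returns DM_MALFORMED or DM_TOO_DEEP. Trailing bytes
 * after a complete path are treated as malformed. */
int demangle_nesting(const char *mangled, int *nesting)
{
    struct parser ps = { mangled, 0 };
    int r = parse_path(&ps);
    if (r < 0)
        return r;
    if (*ps.cur != '\0')
        return DM_MALFORMED;
    *nesting = r;
    return DM_OK;
}

/* Builds a constructed test input with n nesting levels: "N"*n "foo" "E"*n.
 * The caller frees the result. */
char *make_nested(size_t n)
{
    char *buf = malloc(2 * n + 4);
    if (!buf)
        return NULL;
    memset(buf, 'N', n);
    memcpy(buf + n, "foo", 3);
    memset(buf + n + 3, 'E', n);
    buf[2 * n + 3] = '\0';
    return buf;
}

int main(void)
{
    int level = 0;
    printf("NNfooEE -> status %d, nesting %d\n",
           demangle_nesting("NNfooEE", &level), level);

    /* One million levels: without the depth guard this recursion would
     * exhaust the stack; with it the parser stops after MAX_DEPTH frames. */
    char *deep = make_nested(1000000);
    if (deep) {
        printf("1e6 levels -> status %d (DM_TOO_DEEP is %d)\n",
               demangle_nesting(deep, &level), DM_TOO_DEEP);
        free(deep);
    }
    return 0;
}
```

The guard is placed at function entry, before the input is even looked at, so the depth a hostile input can reach is bounded by the constant rather than by how much stack the process happens to have; returning an error code instead of aborting lets the caller (here, a tool like cxxfilt) print the symbol unchanged and carry on.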

* [Bug demangler/98916] stack overflow in cxxfilt, str_buf_reserve, rust-demangle.c:1432
@ 2021-12-27  8:25 ` pinskia at gcc dot gnu.org
From: pinskia at gcc dot gnu.org @ 2021-12-27  8:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98916

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 98886.

*** This bug has been marked as a duplicate of bug 98886 ***

