public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug other/99763] New: c++filt crashes when demangling
@ 2021-03-25 7:49 bajinsheng at outlook dot com
2021-03-25 7:52 ` [Bug other/99763] " bajinsheng at outlook dot com
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 7:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
Bug ID: 99763
Summary: c++filt crashes when demangling
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: bajinsheng at outlook dot com
Target Milestone: ---
the payload to trigger the crash
The bug is about segment fault, which may be caused by endless loop.
Source code repository:
git://sourceware.org/git/binutils-gdb.git
commit:
12af5ebd820425e8ad843a1dac687a2fffc4a2e3
Date:
Tue Mar 23 00:00:07 2021 +0000
Compiler:
Clang-12
OS:
Ubuntu 16.04.7 LTS
The call stack of the bug:
#0 0x00000000004beff1 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850,
in_value=in_value@entry=1)
at ./rust-demangle.c:664
#1 0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850,
in_value=in_value@entry=1)
at ./rust-demangle.c:774
………..
#52364 0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850,
in_value=in_value@entry=1)
at ./rust-demangle.c:774
#52365 0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850,
in_value=in_value@entry=1)
at ./rust-demangle.c:774
#52366 0x00000000004be5f0 in rust_demangle_callback (mangled=<optimized out>,
options=267,
callback=<optimized out>, opaque=0x7ffe5ead28d0) at ./rust-demangle.c:1400
#52367 0x00000000004bf8d2 in rust_demangle (mangled=0x7ffe5ead2850 "\302sq",
options=1)
at ./rust-demangle.c:1511
#52368 0x00000000004a4a0d in cplus_demangle (mangled=0x7173c0 <main.mbuffer>
"_RB_R", options=267)
at ./cplus-dem.c:166
I upload the payload to reproduce the bug:
cat payload | ./c++filt
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
@ 2021-03-25 7:52 ` bajinsheng at outlook dot com
2021-03-25 9:41 ` marxin at gcc dot gnu.org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 7:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #1 from Ba Jinsheng <bajinsheng at outlook dot com> ---
*** Bug 99762 has been marked as a duplicate of this bug. ***
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
2021-03-25 7:52 ` [Bug other/99763] " bajinsheng at outlook dot com
@ 2021-03-25 9:41 ` marxin at gcc dot gnu.org
2021-03-25 10:14 ` bajinsheng at outlook dot com
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-03-25 9:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2021-03-25
CC| |marxin at gcc dot gnu.org
Ever confirmed|0 |1
Status|UNCONFIRMED |WAITING
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
We likely miss the payload, right?
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
2021-03-25 7:52 ` [Bug other/99763] " bajinsheng at outlook dot com
2021-03-25 9:41 ` marxin at gcc dot gnu.org
@ 2021-03-25 10:14 ` bajinsheng at outlook dot com
2021-03-25 10:14 ` bajinsheng at outlook dot com
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 10:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #3 from Ba Jinsheng <bajinsheng at outlook dot com> ---
Created attachment 50471
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50471&action=edit
the payload to trigger the crash
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (2 preceding siblings ...)
2021-03-25 10:14 ` bajinsheng at outlook dot com
@ 2021-03-25 10:14 ` bajinsheng at outlook dot com
2021-03-25 10:19 ` marxin at gcc dot gnu.org
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 10:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #4 from Ba Jinsheng <bajinsheng at outlook dot com> ---
(In reply to Martin Liška from comment #2)
> We likely miss the payload, right?
Uploaded
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (3 preceding siblings ...)
2021-03-25 10:14 ` bajinsheng at outlook dot com
@ 2021-03-25 10:19 ` marxin at gcc dot gnu.org
2021-03-25 10:20 ` bajinsheng at outlook dot com
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-03-25 10:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Ba Jinsheng from comment #3)
> Created attachment 50471 [details]
> the payload to trigger the crash
Is it a valid symbol name? How did you come up with the name?
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (4 preceding siblings ...)
2021-03-25 10:19 ` marxin at gcc dot gnu.org
@ 2021-03-25 10:20 ` bajinsheng at outlook dot com
2021-03-25 10:22 ` marxin at gcc dot gnu.org
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 10:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #6 from Ba Jinsheng <bajinsheng at outlook dot com> ---
(In reply to Martin Liška from comment #5)
> (In reply to Ba Jinsheng from comment #3)
> > Created attachment 50471 [details]
> > the payload to trigger the crash
>
> Is it a valid symbol name? How did you come up with the name?
Should be not.
I got this payload by fuzzing.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (5 preceding siblings ...)
2021-03-25 10:20 ` bajinsheng at outlook dot com
@ 2021-03-25 10:22 ` marxin at gcc dot gnu.org
2021-03-25 10:22 ` marxin at gcc dot gnu.org
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-03-25 10:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |ice-on-invalid-code
--- Comment #7 from Martin Liška <marxin at gcc dot gnu.org> ---
> I got this payload by fuzzing.
I see. It's unlikely we'll fix such cases, the name is complete garbage.
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (6 preceding siblings ...)
2021-03-25 10:22 ` marxin at gcc dot gnu.org
@ 2021-03-25 10:22 ` marxin at gcc dot gnu.org
2021-03-25 10:28 ` bajinsheng at outlook dot com
2021-12-27 8:25 ` [Bug demangler/99763] " pinskia at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-03-25 10:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
Martin Liška <marxin at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |NEW
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug other/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (7 preceding siblings ...)
2021-03-25 10:22 ` marxin at gcc dot gnu.org
@ 2021-03-25 10:28 ` bajinsheng at outlook dot com
2021-12-27 8:25 ` [Bug demangler/99763] " pinskia at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: bajinsheng at outlook dot com @ 2021-03-25 10:28 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
--- Comment #8 from Ba Jinsheng <bajinsheng at outlook dot com> ---
(In reply to Martin Liška from comment #7)
> > I got this payload by fuzzing.
>
> I see. It's unlikely we'll fix such cases, the name is complete garbage.
Even it is an invalid symbol, the c++filt will crash. Shouldn't we handle these
exceptions?
^ permalink raw reply [flat|nested] 11+ messages in thread* [Bug demangler/99763] c++filt crashes when demangling
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
` (8 preceding siblings ...)
2021-03-25 10:28 ` bajinsheng at outlook dot com
@ 2021-12-27 8:25 ` pinskia at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: pinskia at gcc dot gnu.org @ 2021-12-27 8:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Status|NEW |RESOLVED
--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 98886.
*** This bug has been marked as a duplicate of bug 98886 ***
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-12-27 8:25 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-25 7:49 [Bug other/99763] New: c++filt crashes when demangling bajinsheng at outlook dot com
2021-03-25 7:52 ` [Bug other/99763] " bajinsheng at outlook dot com
2021-03-25 9:41 ` marxin at gcc dot gnu.org
2021-03-25 10:14 ` bajinsheng at outlook dot com
2021-03-25 10:14 ` bajinsheng at outlook dot com
2021-03-25 10:19 ` marxin at gcc dot gnu.org
2021-03-25 10:20 ` bajinsheng at outlook dot com
2021-03-25 10:22 ` marxin at gcc dot gnu.org
2021-03-25 10:22 ` marxin at gcc dot gnu.org
2021-03-25 10:28 ` bajinsheng at outlook dot com
2021-12-27 8:25 ` [Bug demangler/99763] " pinskia at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).