From: "bajinsheng at outlook dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug other/99763] New: c++filt crashes when demangling
Date: Thu, 25 Mar 2021 07:49:13 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99763

Bug ID: 99763
Summary: c++filt crashes when demangling
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: bajinsheng at outlook dot com
Target Milestone: ---

the payload to trigger the crash

The bug is about a segmentation fault, which may be caused by an endless loop.
Source code repository: git://sourceware.org/git/binutils-gdb.git
commit: 12af5ebd820425e8ad843a1dac687a2fffc4a2e3
Date:   Tue Mar 23 00:00:07 2021 +0000
Compiler: Clang-12
OS: Ubuntu 16.04.7 LTS

The call stack of the bug:

#0  0x00000000004beff1 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850, in_value=in_value@entry=1) at ./rust-demangle.c:664
#1  0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850, in_value=in_value@entry=1) at ./rust-demangle.c:774
………..
#52364 0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850, in_value=in_value@entry=1) at ./rust-demangle.c:774
#52365 0x00000000004bf4d8 in demangle_path (rdm=rdm@entry=0x7ffe5ead2850, in_value=in_value@entry=1) at ./rust-demangle.c:774
#52366 0x00000000004be5f0 in rust_demangle_callback (mangled=, options=267, callback=, opaque=0x7ffe5ead28d0) at ./rust-demangle.c:1400
#52367 0x00000000004bf8d2 in rust_demangle (mangled=0x7ffe5ead2850 "\302sq", options=1) at ./rust-demangle.c:1511
#52368 0x00000000004a4a0d in cplus_demangle (mangled=0x7173c0 "_RB_R", options=267) at ./cplus-dem.c:166

I upload the payload to reproduce the bug:

cat payload | ./c++filt
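
The trace above shows demangle_path re-entering itself tens of thousands of times for the input "_RB_R". The following is an added example, not code from the report or from libiberty: a toy path parser that bounds this kind of recursion with a depth cap. It assumes the Rust v0 backreference form ('B' followed by a base-62 offset, with "_" meaning 0) applied after the "_R" prefix is removed; the 'L'/'N' grammar, MAX_DEPTH and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_DEPTH 1024 /* assumed cap, chosen well below the stack budget */
struct parser {
    const char *sym; size_t len, next; /* input (prefix removed), length, cursor */
    unsigned depth; int errored;       /* live parse_path() nesting, sticky error */
};
/* Base-62 offset: "_" is 0, otherwise digits [0-9a-zA-Z] then "_" is value+1. */
static size_t parse_base62(struct parser *p) {
    size_t v = 0; /* unsigned wrap is harmless: the caller bounds-checks the result */
    if (p->next < p->len && p->sym[p->next] == '_') { p->next++; return 0; }
    while (p->next < p->len) {
        char c = p->sym[p->next++];
        if (c == '_') return v + 1;
        if (c >= '0' && c <= '9') v = v * 62 + (size_t)(c - '0');
        else if (c >= 'a' && c <= 'z') v = v * 62 + 10 + (size_t)(c - 'a');
        else if (c >= 'A' && c <= 'Z') v = v * 62 + 36 + (size_t)(c - 'A');
        else break;
    }
    p->errored = 1; return 0;
}
/* Toy grammar: 'L' leaf, 'N' path path, 'B' offset (re-parse the path at offset). */
static void parse_path(struct parser *p) {
    if (p->errored || p->depth >= MAX_DEPTH || p->next >= p->len) { p->errored = 1; return; }
    p->depth++;
    switch (p->sym[p->next++]) {
    case 'L': break;
    case 'N': parse_path(p); parse_path(p); break;
    case 'B': {
        size_t target = parse_base62(p), resume = p->next;
        if (p->errored || target >= p->len) { p->errored = 1; break; }
        p->next = target; parse_path(p); p->next = resume; /* follow, then return */
        break;
    }
    default: p->errored = 1;
    }
    p->depth--;
}
/* Returns 1 if the symbol parses within the depth cap, 0 otherwise. */
int path_is_valid(const char *sym) {
    struct parser p = { sym, strlen(sym), 0, 0, 0 };
    parse_path(&p);
    return !p.errored;
}
int main(void) {
    printf("%d %d %d\n", path_is_valid("B_R"), path_is_valid("NB_L"), path_is_valid("NLB0_"));
    return 0;
}
```

"NB_L" is rejected even though its backreference points strictly backwards: the jump lands on an enclosing node that contains the same backreference, so only the depth cap terminates the parse.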