[Bug demangler/99935] New: Stack exhaustion demangling rust mangled name

[Bug demangler/99935] New: Stack exhaustion demangling rust mangled name

[nickc at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

            Bug ID: 99935
           Summary: Stack exhaustion demangling rust mangled name
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nickc at gcc dot gnu.org
  Target Milestone: ---

The rust demangler can be pushed into an infinite loop, triggering stack
exhaustion:

  %  cat pr27963
# Reproduced from binutils PR 27963.
# Note - the expected output is wrong.  It is just there as a placeholder.
--format=rust
_RIMBALO_suB_I__Z5printi
fred

  % valgrind ./testsuite/test-demangle < pr27963
[...]
==429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
[...]
=429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
==429737==    at 0x410BA7: demangle_path (rust-demangle.c:742)
[...]
Segmentation fault (core dumped)

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[nickc at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #1 from Nick Clifton <nickc at gcc dot gnu.org> ---
Created attachment 50777
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50777&action=edit
Proposed patch

Here is a possible patch for the problem, adding a recursion limit to the
demangle_path() function.

Note - a variation of this bug appears to have been reported on the Ubuntu
mailing lists with a different reproducer:

  https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
This patch breaks MinGW, see PR 101779

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[nickc at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #3 from Nick Clifton <nickc at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #2)
> This patch breaks MinGW, see PR 101779

But it can be fixed by:
  https://sourceware.org/bugzilla/show_bug.cgi?id=28207

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sanjayr at ymail dot com

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 104185 has been marked as a duplicate of this bug. ***

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 104186 has been marked as a duplicate of this bug. ***

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |eliz at gnu dot org

--- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 101779 has been marked as a duplicate of this bug. ***

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |featherrain26 at gmail dot com

--- Comment #7 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 98889 has been marked as a duplicate of this bug. ***

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2022-01-22

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |terrynini38514 at gmail dot com

--- Comment #8 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
*** Bug 100968 has been marked as a duplicate of this bug. ***

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[nickc at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #9 from Nick Clifton <nickc at gcc dot gnu.org> ---
A revised patch to fix this PR has been prroposed on gcc-patches:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589277.html

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[cvs-commit at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Nick Clifton <nickc@gcc.gnu.org>:

https://gcc.gnu.org/g:f10bec5ffa487ad3033ed5f38cfd0fc7d696deab

commit r12-6945-gf10bec5ffa487ad3033ed5f38cfd0fc7d696deab
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Jan 31 14:28:42 2022 +0000

    libiberty: Fix infinite recursion in rust demangler.

    libiberty/
            PR demangler/98886
            PR demangler/99935
            * rust-demangle.c (struct rust_demangler): Add a recursion
            counter.
            (demangle_path): Increment/decrement the recursion counter upon
            entry and exit.  Fail if the counter exceeds a fixed limit.
            (demangle_type): Likewise.
            (rust_demangle_callback): Initialise the recursion counter,
            disabling if requested by the option flags.

[Bug demangler/99935] Stack exhaustion demangling rust mangled name

[nickc at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Nick Clifton <nickc at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Nick Clifton <nickc at gcc dot gnu.org> ---
Fixed on mainline.