From: Nick Clifton
To: Scott Gayou
Cc: ian@airs.com, gcc-patches@gcc.gnu.org, binutils@sourceware.org, matz@gcc.gnu.org, jason@redhat.com
Subject: Re: RFA/RFC: Add stack recursion limit to libiberty's demangler
Date: Fri, 30 Nov 2018 08:42:00 -0000
Message-ID: <6664bba2-9a9f-32be-fcac-9f9a5c7c7055@redhat.com>
References: <87sgzkszbh.fsf@redhat.com>

Hi Scott,

> Thank you for looking into this Nick.
> I've been staring at a few of these CVEs off-and-on for a few days,
> and the following CVEs all look like duplicates:
>
> CVE-2018-17985: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
> CVE-2018-18484: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
> CVE-2018-18701: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
> CVE-2018-18700: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681

Yes, essentially they are. They actually trigger stack exhaustion at
different places inside libiberty, but the root cause is the same.
I am also happy to say that my proposed patch fixes *all* of these PRs.

> Perhaps some of these should be rejected?

That would be nice, but I think that if the patch is accepted then the
issue should be resolved and we should stop seeing this kind of CVE.
(I must admit that my motivation for creating this patch in the first
place is that I am fed up with the amount of hassle that is involved
each time a new CVE is created. Especially when they are essentially
all the same bug).

Cheers
Nick