* RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)
From: Nick Clifton @ 2018-12-12 11:40 UTC (permalink / raw)
To: ian; +Cc: gcc-patches, redi
Hi Ian,
*sigh* 5 minutes after sending the patch for this PR, I realised that
I had made a mistake. I should have conditionalized the limit on the
number of supported qualifiers, so that the check is only made if we
have resource limits enabled. Like this:
Cheers
Nick
Index: libiberty/cplus-dem.c
===================================================================
--- libiberty/cplus-dem.c (revision 267043)
+++ libiberty/cplus-dem.c (working copy)
@@ -3443,6 +3443,20 @@
success = 0;
}
+ if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0)
+ {
+ /* PR 87241: Catch malicious input that will try to trick this code into
+ allocating a ridiculous amount of memory via the remember_Ktype()
+ function.
+ The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary. Possibly
+ a better solution would be to track how much memory remember_Ktype
+ allocates and abort when some upper limit is reached. */
+ if (qualifiers > DEMANGLE_RECURSION_LIMIT)
+ /* FIXME: We ought to have some way to tell the user that
+ this limit has been reached. */
+ success = 0;
+ }
+
if (!success)
return success;
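Review bot: the new inner test `if (qualifiers > DEMANGLE_RECURSION_LIMIT)` reports the limit hit by setting `success = 0`, the same value the block just above it sets, so a caller cannot tell "limit reached" from any other demangling failure, as the FIXME concedes. Until a reporting path exists, it would help to document next to DMGL_NO_RECURSE_LIMIT that the flag now also governs the qualifier count, since its name only mentions recursion. As a style point, the FIXME comment sits between the unbraced `if` and its single statement `success = 0;`; bracing that body would keep a later added statement from falling outside the condition.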
* Re: RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)
From: Ian Lance Taylor via gcc-patches @ 2018-12-12 13:47 UTC (permalink / raw)
To: Nick Clifton; +Cc: Ian Lance Taylor, gcc-patches, redi
On Wed, Dec 12, 2018 at 3:40 AM Nick Clifton <nickc@redhat.com> wrote:
>
> *sigh* 5 minutes after sending the patch for this PR, I realised that
> I had made a mistake. I should have conditionalized the limit on the
> number of supported qualifiers, so that the check is only made if we
> have resource limits enabled. Like this:
>
> Cheers
> Nick
>
> Index: libiberty/cplus-dem.c
> ===================================================================
> --- libiberty/cplus-dem.c (revision 267043)
> +++ libiberty/cplus-dem.c (working copy)
> @@ -3443,6 +3443,20 @@
> success = 0;
> }
>
> + if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0)
> + {
> + /* PR 87241: Catch malicious input that will try to trick this code into
> + allocating a ridiculous amount of memory via the remember_Ktype()
> + function.
> + The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary. Possibly
> + a better solution would be to track how much memory remember_Ktype
> + allocates and abort when some upper limit is reached. */
> + if (qualifiers > DEMANGLE_RECURSION_LIMIT)
> + /* FIXME: We ought to have some way to tell the user that
> + this limit has been reached. */
> + success = 0;
> + }
> +
> if (!success)
> return success;
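Review bot: in `if (qualifiers > DEMANGLE_RECURSION_LIMIT)` a constant named for recursion depth is reused as a bound on a count, and the comment itself calls the choice somewhat arbitrary. A separately named limit for qualifiers would let the two be tuned independently, and the alternative the comment already mentions, tracking how much remember_Ktype() allocates, would bound the resource that is actually at risk. The comment should also say that callers passing DMGL_NO_RECURSE_LIMIT skip this check entirely, so for them the allocation stays unbounded on the same input.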
This is OK.
Thanks.
I thought we were removing the old demangling schemes?
Ian
* Re: RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)
From: Nick Clifton @ 2018-12-13 9:47 UTC (permalink / raw)
To: Ian Lance Taylor, Jason Merrill; +Cc: Ian Lance Taylor, gcc-patches, redi
Hi Ian,
> I thought we were removing the old demangling schemes?
Doh! Yes, I totally forgot. So I will withdraw this patch in favour of Jason's.
Cheers
Nick