From: Nick Clifton
To: Cary Coutant, Jakub Jelinek, GCC Patches, Binutils, sgayou@redhat.com, Jason Merrill, Michael Matz
Subject: Re: RFA/RFC: Add stack recursion limit to libiberty's demangler
Date: Mon, 03 Dec 2018 14:53:00 -0000
References: <87muprdko7.fsf@redhat.com> <20181130084211.GX12380@tucnak> <173817ca-0aa0-e1a2-6725-37e079ead545@redhat.com>

Hi Cary,

> In order to handle arbitrary user input without crashing, perhaps the
> demangler should switch from recursive descent parsing to a state
> machine, where exhaustion of resources can be handled gracefully.

I think that that would be a better long term fix for the problem, but it is not one that I have time to work on right now.

My main goal with this patch submission is to stop the flood of PR and CVEs about mangled inputs that trigger stack exhaustion. Being able to properly demangle such inputs would be nice, but not something that I think should be a priority. I think that in real life no program is ever going to generate a mangled name that is sufficiently complex to trigger a seg-fault this way, so the only real purpose of the patch is to resolve these PRs and stop more from being filed.

Cheers
  Nick