bug-binutils

[Bug binutils/23767] Integer Overflow in cplus-dem.c in c++filt in bintu


From: wcventure at 126 dot com
Subject: [Bug binutils/23767] Integer Overflow in cplus-dem.c in c++filt in bintuils which leads to Undefined-behavior(OOM in this POC)
Date: Mon, 15 Oct 2018 03:50:47 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23767

wcventure <wcventure at 126 dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Out of Memory problem       |Integer Overflow in
                   |caused by Integer Overflow  |cplus-dem.c in c++filt in
                   |in c++filt                  |bintuils which leads to
                   |                            |Undefined-behavior(OOM in
                   |                            |this POC)

--- Comment #1 from wcventure <wcventure at 126 dot com> ---
In cplus-dem.c:3597
   n *= 10;
   n += *p - '0';
   p++;
This testcase will set n = 766666666. 766666666 * 10 cannot be represented in
type 'int', which makes n have an integer overflow problem. This problem leads to
undefined behavior.


I will show you the debug process as follows:

> $ gdb --args ./c++filt _rttt4tttt6__H7666666666666666666_
> (gdb) start
> Temporary breakpoint 1 at 0x4ea9a6: file cxxfilt.c, line 172.
> Starting program: /build/bin/c++filt _rttt4tttt6__H7666666666666666666__c
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Temporary breakpoint 1, main (argc=2, argv=0x7fffffffdff8) at cxxfilt.c:172
> 172     {
> (gdb) b cplus-dem.c:3597
> Breakpoint 2 at 0x20171b4: file ./cplus-dem.c, line 3597.
> (gdb) c
> Continuing.
> Breakpoint 2, get_count (type=<optimized out>, count=<optimized out>) at 
> ./cplus-dem.c:3597
> 3597                  n *= 10;
> (gdb) n
> cplus-dem.c:3597:10: runtime error: signed integer overflow: 766666666 * 10 
> cannot be represented in type 'int'
> SUMMARY: AddressSanitizer: undefined-behavior cplus-dem.c:3597:10 in
> 3598                  n += *p - '0';
> (gdb) n
> 3599                  p++;

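Added illustration (not binutils code, and not from the reporter): the unchecked decimal accumulation quoted in the comment, done in unsigned arithmetic so the wrap-around can be observed without UB, beside an overflow-checked parser of the same count. The function names and the (const char *, int *) signature are assumptions for this example, not the real get_count().

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Same loop as the reported cplus-dem.c:3597 pattern (n *= 10; n += *p - '0'; p++),
   but accumulated in unsigned so the demo itself has no UB; the final cast shows
   the value a wrapped signed int would hold on a two's-complement target. */
static int count_unchecked(const char *p)
{
    unsigned int n = 0;
    while (*p >= '0' && *p <= '9') {
        n = n * 10u + (unsigned int)(*p - '0');   /* wraps silently past 2^32 */
        p++;
    }
    return (int)n;
}

/* Hardened parser: refuses to consume a digit that would push n past INT_MAX.
   Returns true and stores the count on success; false (leaving *out untouched)
   when the digit run does not fit in an int. */
static bool count_checked(const char *p, int *out)
{
    int n = 0;
    while (*p >= '0' && *p <= '9') {
        int d = *p - '0';
        /* n * 10 + d <= INT_MAX  <=>  n <= (INT_MAX - d) / 10, checked before multiplying */
        if (n > (INT_MAX - d) / 10)
            return false;
        n = n * 10 + d;
        p++;
    }
    *out = n;
    return true;
}

int main(void)
{
    /* Constructed inputs: the first nine digits fit, the tenth overflows. */
    const char *ok = "766666666", *bad = "7666666666";
    int v;
    printf("unchecked(%s) = %d\n", bad, count_unchecked(bad));
    printf("checked(%s)   = %s\n", ok, count_checked(ok, &v) ? "ok" : "overflow");
    printf("checked(%s)  = %s\n", bad, count_checked(bad, &v) ? "ok" : "overflow");
    return 0;
}
```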