bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/27263] New: stack overflow in cxxfilt, str_buf_append, ru


From: featherrain26 at gmail dot com
Subject: [Bug binutils/27263] New: stack overflow in cxxfilt, str_buf_append, rust-demangle.c:1490
Date: Thu, 28 Jan 2021 07:26:15 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27263

            Bug ID: 27263
           Summary: stack overflow in cxxfilt, str_buf_append,
                    rust-demangle.c:1490
           Product: binutils
           Version: 2.37 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: featherrain26 at gmail dot com
  Target Milestone: ---

Created attachment 13168
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13168&action=edit
POC

Hi, there.

There is a stack overflow in the newest version(2eda57ef) of cxxfilt,
rust-demangle.c:671 related to path demangling, which directly causes a
segmentation fault.

To reproduce, run
cxxfilt < poc

Here is the trace reported by ASAN:
==7714==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe0bb3fcb8 (pc
0x7f67c626a62f bp 0x7ffe0bb40530 sp 0x7ffe0bb3fcc0 T0)
    #0 0x7f67c626a62e in __asan_memcpy
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c62e)
    #1 0x96a295 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #2 0x96a295 in str_buf_append ../../libiberty/rust-demangle.c:1490
    #3 0x96a295 in str_buf_demangle_callback
../../libiberty/rust-demangle.c:1497
    #4 0x977cc9 in print_str ../../libiberty/rust-demangle.c:273
    #5 0x977cc9 in demangle_path ../../libiberty/rust-demangle.c:746
    #6 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #7 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #8 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #9 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #10 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #11 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #12 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #13 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #14 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #15 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #16 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #17 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #18 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #19 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #20 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #21 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #22 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #23 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #24 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #25 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #26 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #27 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #28 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #29 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #30 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #31 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #32 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #33 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #34 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #35 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #36 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #37 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #38 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #39 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #40 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #41 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #42 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #43 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #44 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #45 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #46 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #47 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #48 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #49 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #50 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #51 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #52 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #53 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #54 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #55 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #56 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #57 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #58 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #59 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #60 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #61 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #62 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #63 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #64 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #65 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #66 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #67 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #68 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #69 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #70 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #71 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #72 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #73 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #74 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #75 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #76 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #77 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #78 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #79 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #80 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #81 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #82 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #83 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #84 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #85 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #86 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #87 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #88 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #89 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #90 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #91 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #92 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #93 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #94 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #95 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #96 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #97 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #98 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #99 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #100 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #101 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #102 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #103 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #104 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #105 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #106 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #107 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #108 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #109 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #110 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #111 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #112 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #113 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #114 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #115 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #116 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #117 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #118 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #119 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #120 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #121 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #122 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #123 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #124 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #125 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #126 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #127 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #128 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #129 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #130 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #131 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #132 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #133 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #134 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #135 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #136 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #137 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #138 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #139 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #140 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #141 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #142 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #143 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #144 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #145 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #146 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #147 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #148 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #149 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #150 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #151 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #152 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #153 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #154 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #155 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #156 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #157 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #158 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #159 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #160 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #161 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #162 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #163 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #164 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #165 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #166 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #167 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #168 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #169 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #170 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #171 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #172 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #173 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #174 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #175 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #176 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #177 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #178 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #179 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #180 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #181 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #182 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #183 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #184 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #185 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #186 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #187 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #188 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #189 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #190 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #191 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #192 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #193 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #194 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #195 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #196 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #197 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #198 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #199 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #200 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #201 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #202 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #203 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #204 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #205 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #206 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #207 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #208 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #209 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #210 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #211 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #212 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #213 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #214 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #215 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #216 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #217 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #218 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #219 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #220 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #221 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #222 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #223 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #224 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #225 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #226 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #227 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #228 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #229 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #230 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #231 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #232 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #233 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #234 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #235 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #236 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #237 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #238 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #239 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #240 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #241 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #242 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #243 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #244 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #245 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #246 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #247 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #248 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #249 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #250 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #251 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747
    #252 0x971699 in demangle_type ../../libiberty/rust-demangle.c:1031
    #253 0x971873 in demangle_type ../../libiberty/rust-demangle.c:1024
    #254 0x97709c in demangle_path ../../libiberty/rust-demangle.c:747

SUMMARY: AddressSanitizer: stack-overflow ??:0 __asan_memcpy
==7714==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]