bug-binutils

[Bug binutils/27737] New: cxxfilt stack exhaust by recursion


From: rding at gatech dot edu
Subject: [Bug binutils/27737] New: cxxfilt stack exhaust by recursion
Date: Thu, 15 Apr 2021 18:36:42 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27737

            Bug ID: 27737
           Summary: cxxfilt stack exhaust by recursion
           Product: binutils
           Version: 2.37 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: rding at gatech dot edu
  Target Milestone: ---

Created attachment 13372
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13372&action=edit
poc

Hi,

A stack exhaustion bug has been found for Cxxfilt on the HEAD of the master
branch:

commit a15a276b46bf07323a1d270d7abece83ef1ea78f (HEAD -> master, origin/master,
origin/HEAD)
Author: Tom Tromey <tromey@adacore.com>
Date:   Thu Apr 15 10:14:11 2021 -0600

cxxfilt --version
GNU c++filt (GNU Binutils) 2.36.50.20210415
Copyright (C) 2021 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.

The configuration of Binutils is:

CC=/home/ren/tmp/afl-2.52b/afl-gcc CFLAGS="-g -fsanitize=address"
LDFLAGS="-fsanitize=address" ./configure --disable-gdb --disable-werror

CC=/home/ren/tmp/afl-2.52b/afl-gcc CFLAGS="-g -fsanitize=address"
LDFLAGS="-fsanitize=address" make

To trigger the bug:
./cxxfilt < poc
ASAN:DEADLYSIGNAL
=================================================================
==25277==ERROR: AddressSanitizer: stack-overflow on address 0x7fff13a95fb0 (pc
0x563d15ede61e bp 0x0fffe2752c2e sp 0x7fff13a95fb0 T0)
    #0 0x563d15ede61d in demangle_path rust-demangle.c:664
    #1 0x563d15edfcfd in demangle_path rust-demangle.c:774
    #2 0x563d15edfcfd in demangle_path rust-demangle.c:774
    #3 0x563d15edfcfd in demangle_path rust-demangle.c:774
    ...
    #248 0x563d15edfcfd in demangle_path rust-demangle.c:774
    #249 0x563d15edfcfd in demangle_path rust-demangle.c:774
    #250 0x563d15edfcfd in demangle_path rust-demangle.c:774

SUMMARY: AddressSanitizer: stack-overflow rust-demangle.c:664 in demangle_path
==25277==ABORTING

The triggering environment we see is on Ubuntu 18.04 (bionic), with gcc version
7.5.0.

Please find the PoC we provide in the attachment and let us know if you have
any trouble reproducing the crash. Thank you!

Credit:
Ren Ding (rding@gatech.edu)
Hanqing Zhao (hanqing@gatech.edu)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
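
A common mitigation for this bug class, shown as an added example that is not part of the original report and is not binutils code: a recursive-descent parser that carries a depth counter in its state and rejects input once nesting exceeds a budget, instead of recursing until the stack is exhausted. The toy grammar, MAX_DEPTH, the error codes and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 256   /* assumed budget, picked for illustration */
enum { OK = 0, MALFORMED = -1, TOO_DEEP = -2 };
/* depth counts live parse_path frames; err keeps the first error seen */
struct parser { const char *s; size_t len, pos; unsigned depth; int err; };

/* Toy grammar (hypothetical): path := 'N' path ident | ident ; ident := 'a'..'z' */
static void parse_path(struct parser *p)
{
    if (p->err) return;
    if (++p->depth > MAX_DEPTH) { p->err = TOO_DEEP; return; }
    if (p->pos < p->len && p->s[p->pos] == 'N') {
        p->pos++;
        parse_path(p);  /* the self-recursive production, now bounded */
    }
    if (!p->err && p->pos < p->len && islower((unsigned char)p->s[p->pos]))
        p->pos++;
    else if (!p->err)
        p->err = MALFORMED;
    p->depth--;
}

static int check_symbol(const char *s, size_t len)
{
    struct parser p = { s, len, 0, 0, OK };
    parse_path(&p);
    return (p.err || p.pos == len) ? p.err : MALFORMED;
}

/* Constructed input: n nested 'N' prefixes plus one ident, not a real symbol. */
static int check_nested(size_t n)
{
    char *buf = malloc(n + 1);
    if (!buf) return MALFORMED;
    memset(buf, 'N', n);
    buf[n] = 'a';
    int rc = check_symbol(buf, n + 1);
    free(buf);
    return rc;
}

int main(void)
{
    printf("NNaaa: %d, 100000 levels: %d\n", check_symbol("NNaaa", 5), check_nested(100000));
    return 0;
}
```

The error is sticky, so every enclosing frame unwinds without consuming more input once the budget is hit.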

