[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Report a bug of binutils-2.38
From: |
Nick Clifton |
Subject: |
Re: Report a bug of binutils-2.38 |
Date: |
Mon, 3 Oct 2022 11:33:51 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.0 |
Hi bjchan9an,
There is an uncontrolled stack recursion vulnerability in binutils-2.38, which
allows stack consumption in demangle_path_maybe_open_generics().
As Alan said, we are really only interested in bugs triggered by fuzzed binaries
if they are reported against the current mainline code. Given the trouble that
I know that you have had in reporting this problem however I thought that I
would add a few more details:
1. As it happens the string demangling code is part of the libiberty library
which actually maintained by the GCC project not us. (The binutils project
makes use of the code, but it does not maintain the code). Hence bug
reports
about demangling should be sent to the gcc mailing list.
2. This problem - with the Rust demangler - has already been reported and
fixed.
If you try the current mainline GNU binutils sources you should find that
the
stack exhaustion does not occur.
Cheers
Nick
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: Report a bug of binutils-2.38,
Nick Clifton <=