[Bug binutils/23834] New: Infinite Recursion in demangle_nested_args - Stack Overflow (118486503)


From: security-tps at google dot com
Subject: [Bug binutils/23834] New: Infinite Recursion in demangle_nested_args - Stack Overflow (118486503)
Date: Fri, 26 Oct 2018 17:14:29 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23834

            Bug ID: 23834
           Summary: Infinite Recursion in demangle_nested_args - Stack
                    Overflow (118486503)
           Product: binutils
           Version: 2.32 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: security-tps at google dot com
  Target Milestone: ---

Created attachment 11369
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11369&action=edit
Proof of concept

Hello binutils team,

As part of our fuzzing efforts at Google, we have identified an issue affecting
binutils (tested with revision fd2b4de5e63ad5994baf9c57b5d0c49d1f1dd4e4 on the
master branch).

To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/

Instructions:

```
unzip artifacts_118486503.zip
docker build --build-arg SANITIZER=address --tag=autofuzz-binutils-118486503 \
    autofuzz_118486503
docker run --entrypoint /fuzzing/repro.sh --cap-add=SYS_PTRACE \
    -v $PWD/autofuzz_118486503/poc-9139592704bf42e2a8f72de91be0975306d89ed168aff579bafacca21f6c8644_min:/tmp/poc \
    autofuzz-binutils-118486503 "" /tmp/poc
docker run --cap-add=SYS_PTRACE \
    -v $PWD/autofuzz_118486503/poc-9139592704bf42e2a8f72de91be0975306d89ed168aff579bafacca21f6c8644_min:/tmp/poc \
    -it autofuzz-binutils-118486503
```

Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:

```
INFO: Seed: 120513314
INFO: Loaded 0 modules (0 guards): 
/fuzzing/binutils-gdb/build/demangle_fuzzer: Running 1 inputs 500 time(s) each.
Running:
/tmp/poc-9139592704bf42e2a8f72de91be0975306d89ed168aff579bafacca21f6c8644
ASAN:DEADLYSIGNAL
=================================================================
==8==ERROR: AddressSanitizer: stack-overflow on address 0x7fff89489e38 (pc
0x0000004c6920 bp 0x7fff8948a6b0 sp 0x7fff89489e40 T0)
    #0 0x4c691f in __asan_memset
(/fuzzing/binutils-gdb/build/demangle_fuzzer+0x4c691f)
    #1 0x51b4cf in string_init
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4935:15
    #2 0x52715f in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4285:3
    #3 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #4 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #5 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #6 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #7 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #8 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #9 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #10 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #11 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #12 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #13 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #14 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #15 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #16 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #17 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #18 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #19 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #20 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #21 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #22 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #23 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #24 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #25 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #26 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #27 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #28 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #29 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #30 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #31 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #32 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #33 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #34 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #35 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #36 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #37 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #38 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #39 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #40 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #41 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #42 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #43 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #44 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #45 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #46 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #47 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #48 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #49 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #50 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #51 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #52 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #53 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #54 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #55 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #56 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #57 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #58 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #59 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #60 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #61 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #62 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #63 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #64 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #65 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #66 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #67 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #68 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #69 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #70 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #71 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #72 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #73 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #74 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #75 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #76 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #77 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #78 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #79 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #80 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #81 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #82 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #83 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #84 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #85 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #86 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #87 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #88 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #89 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #90 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #91 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #92 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #93 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #94 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #95 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #96 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #97 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #98 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #99 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #100 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #101 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #102 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #103 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #104 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #105 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #106 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #107 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #108 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #109 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #110 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #111 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #112 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #113 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #114 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #115 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #116 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #117 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #118 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #119 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #120 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #121 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #122 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #123 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #124 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #125 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #126 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #127 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #128 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #129 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #130 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #131 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #132 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #133 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #134 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #135 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #136 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #137 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #138 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #139 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #140 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #141 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #142 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #143 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #144 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #145 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #146 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #147 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #148 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #149 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #150 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #151 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #152 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #153 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #154 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #155 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #156 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #157 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #158 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #159 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #160 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #161 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #162 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #163 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #164 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #165 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #166 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #167 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #168 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #169 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #170 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #171 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #172 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #173 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #174 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #175 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #176 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #177 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #178 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #179 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #180 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #181 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #182 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #183 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #184 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #185 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #186 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #187 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #188 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #189 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #190 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #191 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #192 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #193 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #194 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #195 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #196 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #197 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #198 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #199 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #200 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #201 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #202 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #203 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #204 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #205 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #206 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #207 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #208 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #209 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #210 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #211 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #212 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #213 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #214 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #215 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #216 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #217 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #218 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #219 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #220 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #221 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #222 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #223 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #224 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #225 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #226 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #227 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #228 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #229 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #230 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #231 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #232 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #233 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #234 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #235 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #236 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #237 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #238 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #239 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #240 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #241 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #242 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #243 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #244 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #245 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #246 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8
    #247 0x526682 in demangle_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4659:9
    #248 0x5278bd in demangle_nested_args
/fuzzing/binutils-gdb/libiberty/cplus-dem.c:4713:12
    #249 0x518d20 in do_type /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3719:9
    #250 0x527378 in do_arg /fuzzing/binutils-gdb/libiberty/cplus-dem.c:4332:8

SUMMARY: AddressSanitizer: stack-overflow
(/fuzzing/binutils-gdb/build/demangle_fuzzer+0x4c691f) in __asan_memset
==8==ABORTING

```

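The trace above shows demangle_args, do_arg, do_type and demangle_nested_args calling each other once per nesting level of the input until the stack is exhausted: the recursion depth is controlled entirely by the mangled name being parsed. The following C program is an added illustration, not code from binutils, libiberty or the report. It parses a constructed toy grammar with the same mutual recursion and shows the standard mitigation for this bug class, a nesting counter checked before each recursive descent so that input deeper than a fixed limit is rejected instead of recursed into. NESTING_LIMIT, the toy grammar and make_nested are assumptions made for the demo; with max_depth set to 0 the parser behaves like the unbounded code and can exhaust the stack on a deeply nested input, so the demo only runs the bounded variant on such input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy grammar for this example (not the GNU v2 mangling scheme):
 *   args := type { ',' type }
 *   type := 'i' | 'c' | 'F' '(' args ')'
 * parse_args -> parse_type -> parse_args mirrors the
 * demangle_args -> do_arg -> do_type -> demangle_nested_args cycle in the trace. */

#define NESTING_LIMIT 256   /* assumed limit for the demo; the real value is a tuning choice */

struct work {
    const char *p;   /* cursor into the mangled text */
    int depth;       /* current nesting depth of 'F(' groups */
    int limit;       /* 0 = unbounded (the reported behaviour), else maximum depth */
};

static int parse_args(struct work *w);

static int parse_type(struct work *w)
{
    switch (*w->p) {
    case 'i':
    case 'c':
        w->p++;
        return 1;
    case 'F':
        w->p++;
        if (*w->p != '(')
            return 0;
        w->p++;
        /* Mitigation: refuse to descend once the limit is reached. Without this
         * check the recursion depth is chosen by whoever wrote the input. */
        if (w->limit && w->depth >= w->limit)
            return 0;
        w->depth++;
        if (!parse_args(w))
            return 0;
        w->depth--;
        if (*w->p != ')')
            return 0;
        w->p++;
        return 1;
    default:
        return 0;
    }
}

static int parse_args(struct work *w)
{
    if (!parse_type(w))
        return 0;
    while (*w->p == ',') {
        w->p++;
        if (!parse_type(w))
            return 0;
    }
    return 1;
}

/* Returns 1 if the whole string parses, 0 if it is rejected (malformed or too deep).
 * max_depth == 0 selects the unbounded behaviour. */
int demangle_toy(const char *mangled, int max_depth)
{
    struct work w = { mangled, 0, max_depth };
    if (!parse_args(&w))
        return 0;
    return *w.p == '\0';
}

/* Build the constructed input "F(F(...F(i)...))" with n nesting levels; caller frees. */
char *make_nested(size_t n)
{
    char *buf = malloc(3 * n + 2);
    if (!buf)
        return NULL;
    char *q = buf;
    for (size_t k = 0; k < n; k++) {
        *q++ = 'F';
        *q++ = '(';
    }
    *q++ = 'i';
    for (size_t k = 0; k < n; k++)
        *q++ = ')';
    *q = '\0';
    return buf;
}

int main(void)
{
    char *deep = make_nested(100000);
    if (!deep)
        return 1;
    printf("shallow, unbounded: %d\n", demangle_toy("F(i,F(c))", 0));
    printf("shallow, limit %d: %d\n", NESTING_LIMIT, demangle_toy("F(i,F(c))", NESTING_LIMIT));
    /* The unbounded variant is deliberately not run on the deep input: with
     * max_depth == 0 it recurses 100000 levels and can exhaust the stack, which
     * is the failure the sanitizer report above shows. */
    printf("deep, limit %d: %d\n", NESTING_LIMIT, demangle_toy(deep, NESTING_LIMIT));
    free(deep);
    return 0;
}
```

The check sits before the descent rather than after it so that the frame for the rejected level is never pushed; a limit in the low hundreds is far below what a normal symbol needs and far above what a default thread stack can survive at this frame size, which is the margin the counter is meant to guarantee.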
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.

Once you have reproduced the issue, we'd appreciate learning your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".

We are also pleased to inform you that your project is eligible for inclusion in
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.


Don't hesitate to let us know if you have any questions!

Google AutoFuzz Team
