https://sourceware.org/bugzilla/show_bug.cgi?id=23115
Bug ID: 23115
Summary: cxxfilt segmentation fault
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: donald.zgd at gmail dot com
Target Milestone: ---

Created attachment 10979
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10979&action=edit
the malformed crash input

cxxfilt has an unbounded recursive loop when calling demangle_nested_args(), resulting in no stack space being available.

# ------------
# Cmdline:
$ cxxfilt < /tmp/cxxfilt_crash.input

# ------------
# valgrind output
==15396== Memcheck, a memory error detector
==15396== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==15396== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==15396== Command: cxxfilt
==15396==
==15396== Stack overflow in thread #1: can't grow stack to 0xffe801000
==15396==
==15396== Process terminating with default action of signal 11 (SIGSEGV)
==15396==  Access not within mapped region at address 0xFFE801FF8
==15396==  Stack overflow in thread #1: can't grow stack to 0xffe801000
==15396==    at 0x4EF384: string_need (cplus-dem.c:4906)
==15396==  If you believe this happened as a result of a stack
==15396==  overflow in your program's main thread (unlikely but
==15396==  possible), you can try to increase the size of the
==15396==  main thread stack using the --main-stacksize= flag.
==15396==  The main thread stack size used in this run was 8388608.
==15396== Stack overflow in thread #1: can't grow stack to 0xffe801000
==15396==
==15396== Process terminating with default action of signal 11 (SIGSEGV)
==15396==  Access not within mapped region at address 0xFFE801FF0
==15396==  Stack overflow in thread #1: can't grow stack to 0xffe801000
==15396==    at 0x4A28680: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==15396==  If you believe this happened as a result of a stack
==15396==  overflow in your program's main thread (unlikely but
==15396==  possible), you can try to increase the size of the
==15396==  main thread stack using the --main-stacksize= flag.
==15396==  The main thread stack size used in this run was 8388608.
==15396==
==15396== HEAP SUMMARY:
==15396==     in use at exit: 1,178,320 bytes in 41,902 blocks
==15396==   total heap usage: 41,966 allocs, 64 frees, 1,180,302 bytes allocated
==15396==
==15396== LEAK SUMMARY:
==15396==    definitely lost: 0 bytes in 0 blocks
==15396==    indirectly lost: 0 bytes in 0 blocks
==15396==      possibly lost: 0 bytes in 0 blocks
==15396==    still reachable: 1,178,320 bytes in 41,902 blocks
==15396==         suppressed: 0 bytes in 0 blocks
==15396== Rerun with --leak-check=full to see details of leaked memory
==15396==
==15396== For counts of detected and suppressed errors, rerun with: -v
==15396== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
[1]    15396 segmentation fault  valgrind cxxfilt <

# ------------
# Environment
$ uname -a
Linux 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial
$ ulimit -s
8192

# ------------------------------
# Tested on the following cxxfilt version
# 1.
$ git rev-parse HEAD
5373441d20b652d5b0332b6cada74524af3ae707
# ------------------------------

This bug was found by Guodong Zhu and Kang Li with Team Seri0us at 360.
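The failure mode in the report (a parser that recurses once per nesting level of attacker-controlled input, so a deeply nested input exhausts the 8 MiB main-thread stack) is shown below with an added, self-contained C example. It is not the libiberty/binutils demangler and does not reproduce demangle_nested_args(); the grammar, the function names (parse_args, parse_item, demangle_nested_args_demo, make_nested_input, check_depth) and the MAX_NESTING_DEPTH value are all assumptions made for the illustration. The same parser runs in two modes: limit 0 reproduces the unbounded shape, a non-zero limit is the hardened shape that refuses input nested deeper than the limit instead of recursing further.

```c
/* Added example (not binutils code): recursive-descent parser for nested
 * argument lists, with an optional nesting-depth limit.
 *
 * Toy grammar assumed for this example:
 *   args := '(' item ( ',' item )* ')'
 *   item := [A-Za-z0-9]+ | args
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limit; chosen for the example, not taken from libiberty. */
#define MAX_NESTING_DEPTH 64

static size_t parse_args(const char *s, size_t len, unsigned depth, unsigned limit);

static int is_ident_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

/* item := identifier | args.  Returns bytes consumed, 0 on syntax error. */
static size_t parse_item(const char *s, size_t len, unsigned depth, unsigned limit)
{
    if (len == 0)
        return 0;
    if (s[0] == '(')
        return parse_args(s, len, depth + 1, limit);   /* recursion point */
    size_t n = 0;
    while (n < len && is_ident_char(s[n]))
        n++;
    return n;
}

/* args := '(' item (',' item)* ')'.
 * limit == 0: unbounded, recursion depth equals input nesting depth (the
 * buggy shape).  limit != 0: refuse anything nested deeper than limit. */
static size_t parse_args(const char *s, size_t len, unsigned depth, unsigned limit)
{
    if (limit != 0 && depth > limit)
        return 0;                 /* hardened path: fail instead of recursing */
    if (len == 0 || s[0] != '(')
        return 0;
    size_t pos = 1;
    for (;;) {
        size_t n = parse_item(s + pos, len - pos, depth, limit);
        if (n == 0 || pos + n >= len)
            return 0;             /* bad item, or input ended before ')' */
        pos += n;
        if (s[pos] == ',') { pos++; continue; }
        if (s[pos] == ')') return pos + 1;
        return 0;
    }
}

/* Entry point: 1 if the whole string is one well-formed argument list. */
int demangle_nested_args_demo(const char *s, unsigned limit)
{
    size_t len = strlen(s);
    return len > 0 && parse_args(s, len, 1, limit) == len;
}

/* Constructed input "(((...(x)...)))" with the given nesting depth; caller frees. */
char *make_nested_input(size_t depth)
{
    char *buf = malloc(2 * depth + 2);
    if (!buf)
        return NULL;
    memset(buf, '(', depth);
    buf[depth] = 'x';
    memset(buf + depth + 1, ')', depth);
    buf[2 * depth + 1] = '\0';
    return buf;
}

/* Parse a constructed input of the given depth under the given limit;
 * returns 1 if accepted, 0 if rejected, -1 on allocation failure. */
int check_depth(size_t depth, unsigned limit)
{
    char *s = make_nested_input(depth);
    if (!s)
        return -1;
    int ok = demangle_nested_args_demo(s, limit);
    free(s);
    return ok;
}

int main(void)
{
    /* Keep the unbounded mode at a modest depth here: with a crafted input of
     * a few hundred thousand levels it would exhaust the stack the same way
     * the report's cxxfilt run does. */
    printf("depth 1000, unbounded: %d\n", check_depth(1000, 0));
    printf("depth 1000, limit %d: %d\n", MAX_NESTING_DEPTH, check_depth(1000, MAX_NESTING_DEPTH));
    printf("depth %d, limit %d: %d\n", MAX_NESTING_DEPTH, MAX_NESTING_DEPTH,
           check_depth(MAX_NESTING_DEPTH, MAX_NESTING_DEPTH));
    return 0;
}
```

Whatever limit a real demangler picks, the point of the hardened path is that the cost of a rejected input is bounded by the limit, while the unbounded path's cost is bounded only by the input length the attacker controls; a fuzzer finds the latter quickly, as the report shows.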