https://sourceware.org/bugzilla/show_bug.cgi?id=27693
Bug ID: 27693
Summary: Gprof (GNU Binutils for Debian) 2.36.1, stack overflow occurred when calling the function "demangle_path"
Product: binutils
Version: 2.36.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 2243829852 at qq dot com
Target Milestone: ---

Created attachment 13347 --> https://sourceware.org/bugzilla/attachment.cgi?id=13347&action=edit
the file that could trigger the bug

Vulnerability triggered environment: ubuntu18.04, gcc 7.5
command line: gprof crash gmon.out
Notice: the gmon.out must be the file offered by me

The bug detail is as follows:

==43090== Memcheck, a memory error detector
==43090== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==43090== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==43090== Command: ./binutils-2.36.1/gprof/gprof crashes_fair/id:000000,sig:11,src:005586,op:flip1,pos:14002 temp/gmon.out
==43090== Parent PID: 2375
==43090==
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==
==43090== Process terminating with default action of signal 11 (SIGSEGV)
==43090==  Access not within mapped region at address 0x1FFE801FF8
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==    at 0x1FA0F6: demangle_path (rust-demangle.c:664)
==43090==  If you believe this happened as a result of a stack
==43090==  overflow in your program's main thread (unlikely but
==43090==  possible), you can try to increase the size of the
==43090==  main thread stack using the --main-stacksize= flag.
==43090==  The main thread stack size used in this run was 8388608.
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==
==43090== Process terminating with default action of signal 11 (SIGSEGV)
==43090==  Access not within mapped region at address 0x1FFE801FF0
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==    at 0x402A12A: _vgnU_freeres (vg_preloaded.c:57)
==43090==  If you believe this happened as a result of a stack
==43090==  overflow in your program's main thread (unlikely but
==43090==  possible), you can try to increase the size of the
==43090==  main thread stack using the --main-stacksize= flag.
==43090==  The main thread stack size used in this run was 8388608.
==43090==
==43090== HEAP SUMMARY:
==43090==     in use at exit: 624,621 bytes in 56 blocks
==43090==   total heap usage: 117 allocs, 61 frees, 1,206,479 bytes allocated
==43090==
==43090== LEAK SUMMARY:
==43090==    definitely lost: 0 bytes in 0 blocks
==43090==    indirectly lost: 0 bytes in 0 blocks
==43090==      possibly lost: 0 bytes in 0 blocks
==43090==    still reachable: 624,621 bytes in 56 blocks

I analysed the source code and found that the function "demangle_path" in rust-demangle.c and the function "demangle_type" call each other without stopping. Finally, this results in a stack overflow.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
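The failure class described in this report (two recursive-descent routines that call each other with no bound on nesting, so a crafted input exhausts the stack) and the usual remedy are illustrated below. This is an added example and is not code from binutils, libiberty or the reporter: it parses a deliberately tiny toy grammar (an assumption made for illustration, not the real Rust symbol-mangling grammar) with a `parse_path`/`parse_type` pair that mirrors the `demangle_path`/`demangle_type` shape, tracks the recursion depth, and returns an error once a configurable limit is reached. Passing a limit of `DEPTH_UNLIMITED` reproduces the unbounded behaviour; running that on a sufficiently deep input is what crashes.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy grammar (an assumption for illustration only, NOT the real Rust
 * v0 mangling scheme):
 *   path  ::= ident | 'I' path type 'E'    -- path with one generic argument
 *   type  ::= 'i' | 'R' type | 'P' path    -- int, reference, path type
 *   ident ::= [a-z]+
 * path and type are mutually recursive, exactly the shape that lets a
 * crafted symbol nest path->type->path->... without bound. */

#define DEPTH_UNLIMITED 0u   /* limit value meaning "no check": the buggy mode */

struct parser {
    const char *s;
    size_t pos;
    unsigned depth;     /* current number of live path/type frames */
    unsigned limit;     /* maximum depth allowed, 0 = unlimited */
    int limit_hit;      /* set once the limit was reached */
};

static int parse_path(struct parser *p);
static int parse_type(struct parser *p);

/* Account for one more recursive frame; refuse if the budget is spent. */
static int enter(struct parser *p)
{
    if (p->limit != DEPTH_UNLIMITED && p->depth >= p->limit) {
        p->limit_hit = 1;
        return 0;
    }
    p->depth++;
    return 1;
}

static void leave(struct parser *p) { p->depth--; }

static int parse_path(struct parser *p)
{
    int ok = 0;
    char c;
    if (!enter(p)) return 0;
    c = p->s[p->pos];
    if (c == 'I') {
        p->pos++;
        ok = parse_path(p) && parse_type(p) && p->s[p->pos] == 'E';
        if (ok) p->pos++;
    } else if (islower((unsigned char)c)) {
        while (islower((unsigned char)p->s[p->pos])) p->pos++;
        ok = 1;
    }
    leave(p);
    return ok;
}

static int parse_type(struct parser *p)
{
    int ok = 0;
    char c;
    if (!enter(p)) return 0;
    c = p->s[p->pos];
    if (c == 'i')      { p->pos++; ok = 1; }
    else if (c == 'R') { p->pos++; ok = parse_type(p); }
    else if (c == 'P') { p->pos++; ok = parse_path(p); }
    leave(p);
    return ok;
}

/* Returns 1 if sym parsed completely, 0 if malformed, -1 if the recursion
 * limit was reached (the input is rejected instead of overflowing the stack). */
int demangle(const char *sym, unsigned limit)
{
    struct parser p = { sym, 0, 0, limit, 0 };
    int ok = parse_path(&p) && p.s[p.pos] == '\0';
    if (p.limit_hit) return -1;
    return ok ? 1 : 0;
}

/* Constructed input: "IaP" repeated n times, then "a", then n 'E's.
 * Each repetition adds one path->type->path nesting level (2n+1 frames). */
char *make_nested(size_t n)
{
    char *buf = malloc(4 * n + 2);
    size_t i, k = 0;
    if (!buf) return NULL;
    for (i = 0; i < n; i++) { buf[k++] = 'I'; buf[k++] = 'a'; buf[k++] = 'P'; }
    buf[k++] = 'a';
    for (i = 0; i < n; i++) buf[k++] = 'E';
    buf[k] = '\0';
    return buf;
}

int main(void)
{
    char *deep = make_nested(100);   /* 201 frames deep */
    printf("well-formed:   %d\n", demangle("IfooPIbarRiEE", 64));
    printf("malformed:     %d\n", demangle("IfooE", 64));
    printf("deep, limited: %d\n", demangle(deep, 64));
    free(deep);
    return 0;
}
```

The guard lives in one place (`enter`), so every recursive entry point is covered without touching the grammar logic itself; the limit should be generous enough for any legitimately nested symbol but small enough that the worst-case frame usage stays well under the main-thread stack size the Valgrind output reports (8 MiB here).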