https://sourceware.org/bugzilla/show_bug.cgi?id=32699
Bug ID: 32699
Summary: Null pointer dereference in libiberty/cp-demangle.c
Product: binutils
Version: 2.32
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: shiyuyuranzh at gmail dot com
Target Milestone: ---
Created attachment 15953
--> https://sourceware.org/bugzilla/attachment.cgi?id=15953&action=edit
Vulnerability Path
I have found a potential null pointer dereference bug in
libiberty/cp-demangle.c and would like to report it to the maintainers. This
vulnerability has the potential to cause unexpected application behavior or
crashes. Can you please help me check it? Thank you for your effort and
patience!
Below is the execution sequence of the program that may produce a null pointer
dereference bug. The specific paths are shown in the attachment.
First, in the function d_maybe_print_fold_expression in the file
libiberty/cp-demangle.c, op2 is assigned to NULL on line 4595. op2 is not
reassigned if the conditional judgement on line 4596 is false.
Second, op2 is passed as the third argument to the function d_print_subexpr at
line 4633, which has the formal parameter dc assigned to NULL.
Finally, dc is dereferenced on line 4512, resulting in a null pointer
dereference vulnerability.
Thank you very much for reading and I look forward to hearing from you!
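
The data flow described in this report (a pointer initialized to NULL, reassigned only on one branch, then passed to a callee that dereferences it), reduced to a self-contained C model with guards at both the caller and the callee. This is an added example, not code from libiberty or from the report; the types and function names (`node`, `print_fold`, `print_subexpr`, `append`) are hypothetical stand-ins.

```c
#include <string.h>

/* Hypothetical, simplified stand-ins; these are not libiberty's types. */
enum kind { K_NAME, K_PAIR };
enum fold { FOLD_UNARY, FOLD_BINARY };
struct node { enum kind kind; const char *text; const struct node *left, *right; };

static int append(char *out, size_t cap, const char *s)
{
    size_t used = strlen(out), n = strlen(s);
    if (used + n + 1 > cap)
        return -1;                   /* would overflow the output buffer */
    memcpy(out + used, s, n + 1);
    return 0;
}

/* Callee: it dereferences n, so it rejects NULL before touching it. */
static int print_subexpr(char *out, size_t cap, const struct node *n)
{
    if (n == NULL || n->text == NULL)
        return -1;
    return append(out, cap, n->text);
}

/* Caller: op2 starts as NULL and is set only when the operand is a pair. */
int print_fold(char *out, size_t cap, enum fold f, const struct node *operand)
{
    const struct node *op1 = operand, *op2 = NULL;
    if (operand == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (op1->kind == K_PAIR) {
        op2 = op1->right;
        op1 = op1->left;
    }
    if (f == FOLD_UNARY)
        return print_subexpr(out, cap, op1);
    if (op2 == NULL)                 /* binary fold without a second operand */
        return -1;                   /* fail cleanly instead of dereferencing */
    if (print_subexpr(out, cap, op1) != 0 || append(out, cap, " ... ") != 0)
        return -1;
    return print_subexpr(out, cap, op2);
}

int main(void)
{
    char buf[32];
    const struct node x = { K_NAME, "X", NULL, NULL }; /* constructed input */
    return print_fold(buf, sizeof buf, FOLD_BINARY, &x) == -1 ? 0 : 1;
}
```

Either guard alone stops the dereference; keeping both means the callee stays safe if another caller is added later.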