https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101798
Bug ID: 101798
Summary: rust-demangle.c infinite recursion
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: demangler
Assignee: unassigned at gcc dot gnu.org
Reporter: shaohua.li at inf dot ethz.ch
Target Milestone: ---
Created attachment 51267
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51267&action=edit
poc
Hi there,
I found a stack-overflow in rust-demangle.c when fuzzing binutils. I was
instructed to report this bug here by binutils's maintainers. See details
below.
- binutils version: 2.38(Head), commit af51804103a08cd1e12edc4f4a30eec2c5c4f9e8
- Compiler: clang12
- Platform: Ubuntu 18.04.5 LTS, x86_64
- Reproduce: run `nm-new -C poc`
AddressSanitizer report:
==498==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd9daa0d88 (pc
0x0000004967a6 bp 0x7ffd9daa15d0 sp 0x7ffd9daa0d90 T0)
#0 0x4967a6 in __asan_memcpy (/out_bin/nm-new+0x4967a6)
#1 0x163535e in str_buf_append
/binutils_latest/repo/libiberty/./rust-demangle.c:1493:3
#2 0x1635278 in str_buf_demangle_callback
/binutils_latest/repo/libiberty/./rust-demangle.c:1500:3
#3 0x1631f3b in print_str
/binutils_latest/repo/libiberty/./rust-demangle.c:273:5
#4 0x163662c in demangle_type
/binutils_latest/repo/libiberty/./rust-demangle.c:893:7
#5 0x1634b7f in demangle_path
/binutils_latest/repo/libiberty/./rust-demangle.c:747:7
#6 0x16372f6 in demangle_type
/binutils_latest/repo/libiberty/./rust-demangle.c:1031:7
...
