[Bug demangler/102130] New: [c++filt] Stack overflow in demangle_path

Mon, 30 Aug 2021 10:11:13 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102130

            Bug ID: 102130
           Summary: [c++filt] Stack overflow in demangle_path
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: irfanariq at kaist dot ac.kr
  Target Milestone: ---

Created attachment 51378
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51378&action=edit
poc and full stack trace

Hello,

We are currently working on fuzz testing feature, and we found a crash on
c++filt.

The stack traces are as follow:
==617==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe1fa7ff8 (pc
0x555911cd5385 bp 0x7fffe1fa8140 sp 0x7fffe1fa8000 T0)
    #0 0x555911cd5384 in demangle_path rust-demangle.c:674
    #1 0x555911cd5e48 in demangle_path rust-demangle.c:774
    #2 0x555911cd56a1 in demangle_path rust-demangle.c:696
    #3 0x555911cd5e48 in demangle_path rust-demangle.c:774
    #4 0x555911cd56a1 in demangle_path rust-demangle.c:696
    ...
    #247 0x555911cd5e48 in demangle_path rust-demangle.c:774
    #248 0x555911cd56a1 in demangle_path rust-demangle.c:696
    #249 0x555911cd5e48 in demangle_path rust-demangle.c:774
    #250 0x555911cd56a1 in demangle_path rust-demangle.c:696
We also attach the full stack trace in the attachment.

**Step to reproduce**

We configured c++filt using 

$ CFLAGS="-g -O0 -fsanitize=address" ./configure --disable-shared
--enable-targets=all

,and built it using 

$ make -j10; make install 

,and run it with:

$ ./c++filt @<input file>

The input file is in the attachment.

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (7de7786bb7db5159fc8a7bfa3df72381ff16a38c) of master
branch on sourceware git
(https://sourceware.org/git/?p=binutils-gdb.git;a=tree;h=7de7786bb7db5159fc8a7bfa3df72381ff16a38c;hb=7de7786bb7db5159fc8a7bfa3df72381ff16a38c)

Thank you.

Reply via email to