https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106232
Bug ID: 106232
Summary: stack exhausted when using '-s dlang' in d-demangle.c
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: demangler
Assignee: unassigned at gcc dot gnu.org
Reporter: 13579and24680 at gmail dot com
Target Milestone: ---

Created attachment 53278
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53278&action=edit
A crash file found by AFL

Even with the '-R' argument (enabled by default), the stack is still exhausted when using the '-s dlang' argument.

$ git log
commit 045f385d9a1ee7269d3fa50657c4c7d1d7ba6c0f (HEAD -> master, origin/master, origin/HEAD)
Author: Tsukasa OI <research_tra...@irq.a4lg.com>
Date:   Mon Jun 27 11:03:43 2022 +0900

normal run:

$ git clone git://sourceware.org/git/binutils-gdb.git
$ cd binutils-gdb
$ ./configure
$ make
$ ./binutils/cxxfilt -s dlang < poc
segmentation fault

asan report:

$ git clone git://sourceware.org/git/binutils-gdb.git
$ cd binutils-gdb
$ CC=gcc CFLAGS='-fsanitize=address -g' CXXFLAGS='-fsanitize=address -g' ./configure
$ make
$ ./binutils/cxxfilt -s dlang < poc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3581485==ERROR: AddressSanitizer: stack-overflow on address 0x7ffccffb4f38 (pc 0x7ffbbb9aa906 bp 0x7ffccffb57c0 sp 0x7ffccffb4f40 T0)
    #0 0x7ffbbb9aa905 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:343
    #1 0x55a72640c946 in string_append d-demangle.c:130
    #2 0x55a72640e580 in dlang_call_convention d-demangle.c:482
    #3 0x55a72640eab9 in dlang_function_type_noreturn d-demangle.c:625
    #4 0x55a72640ed82 in dlang_function_type d-demangle.c:659
    #5 0x55a72640fafe in dlang_type d-demangle.c:858
    #6 0x55a72640f2cd in dlang_function_args d-demangle.c:741
    #7 0x55a72640eb40 in dlang_function_type_noreturn d-demangle.c:631
    #8 0x55a72640ed82 in dlang_function_type d-demangle.c:659
    #9 0x55a72640fafe in dlang_type d-demangle.c:858
    ... (frames #10 through #248 repeat the cycle in frames #6-#9)

SUMMARY: AddressSanitizer: stack-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:343 in __interceptor_strlen
==3581485==ABORTING
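
The trace above shows one dlang_type -> dlang_function_type -> dlang_function_type_noreturn -> dlang_function_args cycle per nesting level of the input, with nothing bounding the depth. The following is an added example, not code from libiberty or from the reporter: a recursive-descent parser for a toy grammar (the grammar, MAX_DEPTH and all function names are assumptions) that carries a depth counter and returns an error instead of exhausting the stack.

```c
#include <stdio.h>

/* Toy grammar, an assumption for illustration (not the real D mangling):
     type := 'i' | 'F' type* 'Z' type      (function: args, 'Z', return type) */
#define MAX_DEPTH 64                       /* hypothetical nesting limit */
enum { PARSE_OK = 0, PARSE_SYNTAX = -1, PARSE_TOO_DEEP = -2 };

struct parser { const char *p; unsigned depth; };

static int parse_type(struct parser *ps);

/* Zero or more argument types, terminated by 'Z'. */
static int parse_args(struct parser *ps)
{
    while (*ps->p != 'Z') {
        int rc = (*ps->p == '\0') ? PARSE_SYNTAX : parse_type(ps);
        if (rc != PARSE_OK)
            return rc;
    }
    ps->p++;                               /* consume 'Z' */
    return PARSE_OK;
}

static int parse_type(struct parser *ps)
{
    int rc;
    if (*ps->p == 'i') { ps->p++; return PARSE_OK; }
    if (*ps->p != 'F') return PARSE_SYNTAX;
    /* Every nested 'F' costs one parse_type -> parse_args -> parse_type
       cycle of stack, so refuse before recursing rather than faulting. */
    if (ps->depth >= MAX_DEPTH) return PARSE_TOO_DEEP;
    ps->depth++;
    ps->p++;                               /* consume 'F' */
    rc = parse_args(ps);
    if (rc == PARSE_OK)
        rc = parse_type(ps);               /* return type */
    ps->depth--;
    return rc;
}

/* Returns PARSE_OK only if the whole string is one well-formed type. */
int check_type(const char *s)
{
    struct parser ps = { s, 0 };
    int rc = parse_type(&ps);
    return (rc == PARSE_OK && *ps.p != '\0') ? PARSE_SYNTAX : rc;
}

int main(void) { printf("%d %d\n", check_type("FiZi"), check_type("Fi")); return 0; }
```

The limit is checked before the recursive call, so the deepest frame count is fixed by MAX_DEPTH regardless of input length.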