https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
--- Comment #15 from Jakub Jelinek ---
Author: jakub
Date: Thu May 19 12:05:41 2016
New Revision: 236456
URL: https://gcc.gnu.org/viewcvs?rev=236456&root=gcc&view=rev
Log:
Backported from mainline
2016-05-19 Jakub Jelinek
--- Comment #14 from Jakub Jelinek ---
Author: jakub
Date: Thu May 19 10:44:31 2016
New Revision: 236452
URL: https://gcc.gnu.org/viewcvs?rev=236452&root=gcc&view=rev
Log:
Backported from mainline
2016-05-19 Jakub Jelinek
Bernd Schmidt changed:
What|Removed |Added
Status|UNCONFIRMED |RESOLVED
CC|
--- Comment #12 from Bernd Schmidt ---
Author: bernds
Date: Fri Apr 8 12:10:21 2016
New Revision: 234829
URL: https://gcc.gnu.org/viewcvs?rev=234829&root=gcc&view=rev
Log:
Fix memory allocation size overflows (PR69687, patch by Marcel Böhme)
--- Comment #11 from Manuel López-Ibáñez ---
The policy of GNU software is to avoid arbitrary implementation limits whenever
possible.
(In reply to Marcel Böhme from comment #4)
> with n=2*(length of decl + length of arg) characters. Since n is
--- Comment #10 from Markus Trippelsdorf ---
Patches should be posted to: gcc-patc...@gcc.gnu.org
--- Comment #9 from Marcel Böhme ---
Created attachment 37839
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37839&action=edit
Proposed Patch
* Limiting the length of the mangled string to 264k characters.
* Limiting the loop iterations to
Markus Trippelsdorf changed:
What|Removed |Added
Severity|major |normal
Marcel Böhme changed:
What|Removed |Added
Severity|normal |major
--- Comment #8 from Marcel Böhme -
--- Comment #7 from Marcel Böhme ---
Created attachment 37620
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37620&action=edit
Valgrind This
$ cat compileme.c
#include
#include
const char*
X00020A___R0020A__U000R03000N
Manuel López-Ibáñez changed:
What|Removed |Added
CC||manu at gcc dot gnu.org
--- Commen
--- Comment #5 from Marcel Böhme ---
Created attachment 37612
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37612&action=edit
Debug This
--- Comment #4 from Marcel Böhme ---
Here is my preliminary analysis:
The function demangle_args (cplus-dem.c:4424) parses the (crafted) mangled
function args from the binary. In line 4452, r is read from mangled. In line
4491, we enter a loop wi
--- Comment #3 from Marcel Böhme ---
Hi Markus,
Indeed, it depends on the use case. I find it quite unsettling to know that
common digital forensics tools, such as gdb and objdump, are vulnerable to
arbitrary code execution.
How much credibility
Markus Trippelsdorf changed:
What|Removed |Added
CC||trippels at gcc dot gnu.org
--- Comment #1 from Marcel Böhme ---
Created attachment 37593
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=37593&action=edit
Test Case #2