[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions

mudongliangabcd at gmail dot com Wed, 28 Mar 2018 08:03:23 -0700

https://sourceware.org/bugzilla/show_bug.cgi?id=23008


--- Comment #2 from Dongliang Mu <mudongliangabcd at gmail dot com> ---
Hi Nick,

first let me show my concrete instructions to convince you it is reproducible.
And then I will post it to GCC Bugzilla.

```
wget https://ftp.gnu.org/gnu/binutils/binutils-2.29.tar.gz
tar -xvf binutils-2.29.tar.gz 
cd binutils-2.29/
CC=clang CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address"
./configure
make
cd binutils/
ls
./cxxfilt < ~/Downloads/poc
```
Then you will see :

```
ASAN:DEADLYSIGNAL
=================================================================
==25076==ERROR: AddressSanitizer: stack-overflow on address 0x7ffeaf715ff8 (pc
0x00000042315c bp 0x7ffeaf716890 sp 0x7ffeaf716000 T0)
    #0 0x42315b in __asan::asan_malloc(unsigned long,
__sanitizer::BufferedStackTrace*)
(/home/mdl/Downloads/binutils-2.29/binutils/cxxfilt+0x42315b)
    #1 0x4d23cb in malloc
(/home/mdl/Downloads/binutils-2.29/binutils/cxxfilt+0x4d23cb)
    #2 0x9289c7 in xmalloc
/home/mdl/Downloads/binutils-2.29/libiberty/./xmalloc.c:147:12
    #3 0x8dfe15 in string_need
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4906:21
    #4 0x8de7b8 in string_append
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4961:3
    #5 0x8ebd1f in demangle_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4578:7
    #6 0x8ee467 in demangle_nested_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
    #7 0x8ce628 in do_type
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:3719:9
    #8 0x8edd4d in do_arg
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4332:8
    #9 0x8eccac in demangle_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4659:9
    #10 0x8ee467 in demangle_nested_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
    #11 0x8ce628 in do_type
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:3719:9
    #12 0x8edd4d in do_arg
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4332:8
    #13 0x8eccac in demangle_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4659:9
    #14 0x8ee467 in demangle_nested_args
/home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
```

Originally I reproduced this issue in Ubuntu 14.04.5 LTS. Now I test and
successfully reproduce it in Debian Testing.

The same method to reproduce it in binutils-2.30. You will get the following
error message:

```
ASAN:DEADLYSIGNAL
=================================================================
==25373==ERROR: AddressSanitizer: stack-overflow on address 0x7fff177ecff8 (pc
0x0000008dfe9b bp 0x7fff177ed3b0 sp 0x7fff177ed000 T0)
    #0 0x8dfe9a in demangle_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4578:22
    #1 0x8e25e7 in demangle_nested_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #2 0x8c27a8 in do_type
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #3 0x8e1ecd in do_arg
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #4 0x8e0e2c in demangle_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #5 0x8e25e7 in demangle_nested_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #6 0x8c27a8 in do_type
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #7 0x8e1ecd in do_arg
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #8 0x8e0e2c in demangle_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #9 0x8e25e7 in demangle_nested_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #10 0x8c27a8 in do_type
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #11 0x8e1ecd in do_arg
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #12 0x8e0e2c in demangle_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #13 0x8e25e7 in demangle_nested_args
/home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
```

If you have any problem to reproduce this issue, please let me know.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions

Reply via email to