https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335

Scott Gayou <sgayou at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sgayou at redhat dot com

--- Comment #10 from Scott Gayou <sgayou at redhat dot com> ---
This reproducer seems to require adjusting the maximum stack size.

i.e.:

$ ulimit -s 8192 && c++filt < poc -t

does NOT crash

whereas:

$ ulimit -s 2048 && c++filt < poc -t
Segmentation fault (core dumped)

This looks to be another potentially duplicated CVE.

See the following:

CVE-2018-18484: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
CVE-2018-18701: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
CVE-2018-18700: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681

All appear to be the same root cause.
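
Added example, not part of the original comment or of GCC: a POSIX shell helper that reruns one command under several soft stack limits and reports which of them end in SIGSEGV, which is the dependence shown by the two `ulimit -s` runs above. The function names are hypothetical, the 4096 and 1024 limits are added assumptions (8192 and 2048 come from the comment), and each run is in a subshell so the caller's own limit is left unchanged.

```shell
#!/bin/sh
# Added example: check whether a crash depends on the stack limit.
# Usage with the comment's command:  sweep poc c++filt -t

# classify_status STATUS: map an exit status to a short label.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        139) echo segv ;;          # 128 + 11: killed by SIGSEGV (Linux)
        125) echo limit-not-set ;; # ulimit refused the requested value
        *)   echo "exit:$1" ;;
    esac
}

# run_with_stack KB INPUT CMD [ARGS...]
# Runs CMD with stdin from INPUT under a soft stack limit of KB kilobytes.
run_with_stack() {
    kb=$1; input=$2; shift 2
    st=0
    (
        ulimit -S -s "$kb" 2>/dev/null || exit 125
        "$@" < "$input" > /dev/null 2>&1
    ) || st=$?                     # keep the status even under `set -e`
    classify_status "$st"
}

# sweep INPUT CMD [ARGS...]: print one "KB result" line per limit tried.
sweep() {
    for limit in 8192 4096 2048 1024; do
        printf '%s %s\n' "$limit" "$(run_with_stack "$limit" "$@")"
    done
}
```

A command that reports `ok` at 8192 and `segv` at lower limits shows the same stack-size dependence as the two runs in the comment.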
