https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106641
--- Comment #1 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The trunk branch has been updated by Andrew Pinski <[email protected]>: https://gcc.gnu.org/g:a8290fb163443276c3df6b20024c6874f93c560c commit r16-7746-ga8290fb163443276c3df6b20024c6874f93c560c Author: Ruslan Valiyev <[email protected]> Date: Thu Feb 26 19:15:06 2026 +0000 libiberty: fix resource exhaustion in rust demangler (PR demangler/106641) demangle_binder() parses the bound_lifetimes count as a base-62 integer with no upper bound. A crafted symbol can encode a huge lifetime count in very few bytes, causing OOM or CPU hang. Cap bound_lifetimes at 1024 and check rdm->errored in the loop so it bails out early on errors during iteration. libiberty/ChangeLog: PR demangler/106641 * rust-demangle.c (demangle_binder): Reject bound_lifetimes above 1024 to prevent resource exhaustion from crafted symbols. Add rdm->errored check in the loop condition. * testsuite/rust-demangle-expected: Add regression test. Signed-off-by: Ruslan Valiyev <[email protected]>
