[Bug debug/104169] GDB unable to set $xmm2-7 register but able to set $xmm0-1 on non-AVX machines
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104169 --- Comment #2 from Luís Ferreira --- Thanks for the information. Just cross-referencing here: https://sourceware.org/bugzilla/show_bug.cgi?id=28803 .
[Bug debug/104169] New: GDB unable to set $xmm2-7 register but able to set $xmm0-1 on non-AVX machines
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104169 Bug ID: 104169 Summary: GDB unable to set $xmm2-7 register but able to set $xmm0-1 on non-AVX machines Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: debug Assignee: unassigned at gcc dot gnu.org Reporter: contact at lsferreira dot net Target Milestone: --- When running on my "Intel(R) Xeon(R) CPU E7-4860", I can't set xmm2 to xmm7 registers on GDB. On a more recent CPU "Intel(R) Core(TM) m3-7Y30" this seems to set just fine. I also tested this on a libvirt clean environment with an Intel Core 2 Duo and Intel Ivy Bridge family CPU (emulated settings), and the one without AVX did fail to set. To reproduce the issue, you can run any process on a non-AVX machine: $ gdb /usr/bin/bash > r -c 'kill -SIGILL $$' > p $xmm7.uint128 > set $xmm7.uint128 = 35322350018591 > p $xmm7.uint128 If you try with $xmm0 or $xmm1 it works just fine.
[Bug demangler/102732] New: quadratic/exponential time complexity on D demangler
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102732 Bug ID: 102732 Summary: quadratic/exponential time complexity on D demangler Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: demangler Assignee: unassigned at gcc dot gnu.org Reporter: contact at lsferreira dot net Target Milestone: --- Feeding the initial mangled symbol "_D3eeeS2RPRRS2RPRgRgRS4RPRgRggRgRS2RPRgPRRS6RPRgRgRRRS2RPRgPRRS2" and subsequentially append "_D3eeeRS2RPRgPRRS6RPRgRgRRRS2RPRgPRRS2" to it, makes the demangler demangle it in an excessive time. This was found with libfuzzer, and other meaningful results can be found here: https://lsferreira.net/public/assets/posts/d-saoc-2021-02/fuzzer-results/ This seems to be either quadratic or exponential in terms of time complexity. Similar to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80002 , this needs to be fixed until we add libiberty to Google OSS fuzz.
[Bug demangler/102702] libiberty: heap/stack buffer overflow when decoding user input
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102702 --- Comment #1 from Luís Ferreira --- Submitted patch: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html
[Bug demangler/102702] New: libiberty: heap/stack buffer overflow when decoding user input
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102702 Bug ID: 102702 Summary: libiberty: heap/stack buffer overflow when decoding user input Product: gcc Version: 11.2.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: demangler Assignee: unassigned at gcc dot gnu.org Reporter: contact at lsferreira dot net Target Milestone: --- Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault or crash) via a crafted mangled symbol. Example of affected symbols "_D2FGWG4EQe", "_D4c?441_Qe_4DmD_i==UUUqU", "_D33dddQ_D2DVV_D33dddQDVVHHDQN188Qr" and "_D8ee2_Qe". A CVE was already assigned by Red Hat: CVE-2021-3826: libiberty: heap/stack buffer overflow in the dlang_lname function in d-demangle.c
[Bug d/102618] d-demangle: anonymous symbols are not being properly skipped
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102618 --- Comment #2 from Luís Ferreira --- Sorry, I sent the wrong example. That example was to cover a missing test. The actual mangle that is not being handled is _D8demangle9anonymous0Z . It should be demangled as demangle.anonymous .
[Bug demangler/102618] New: d-demangle: anonymous symbols are not being properly skipped
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102618 Bug ID: 102618 Summary: d-demangle: anonymous symbols are not being properly skipped Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: demangler Assignee: unassigned at gcc dot gnu.org Reporter: contact at lsferreira dot net Target Milestone: --- According to the D ABI specification, symbol names can contain an arbitrary number of anonymous symbols. Currently, libiberty can't demangle the following properly: _D8demangle9anonymous03fooZ demangle.anonymous.foo On the other hand, the official demangler can successfully demangle it as a D symbol.