[llvm-bugs] Issue 14201 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in llvm::ms_demangle::Demangler::demangleTemplateInstantiationName

2019-07-22 Thread thavia monorail via llvm-bugs


Comment #4 on issue 14201 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in  
llvm::ms_demangle::Demangler::demangleTemplateInstantiationName

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14201#c4

The issue here is that demangleTemplateInstantiationName keeps a  
BackrefContext on the stack, and that is 22 pointers large. So stack_size /  
176 is the max number of template instantiation names that work.


The report "only" has 57 calls to demangleTemplateInstantiationName on the  
stack, which is only 10kB large. Maybe oss-fuzz runs with a small stack  
ulimit?


Moving BackrefContext to the heap would probably extend the runway until  
this happens a lot, but it'd still happen eventually and in practice even  
57 calls is very far away from what realistic inputs will have. So I'm not  
sure anything needs to be done here.


--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.
___
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs


[llvm-bugs] Issue 15022 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in llvm_llvm-microsoft-demangle-fuzzer

2019-06-05 Thread thavia monorail via llvm-bugs


Comment #2 on issue 15022 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in  
llvm_llvm-microsoft-demangle-fuzzer

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15022#c2

The root cause here ultimately is that demangling output can be exponential  
in the size of the input, even for valid manglings. Consider:


$ cat test.cc
template 
struct Fooob {};

using A0 = Fooob;
using A1 = Fooob;
using A2 = Fooob;
using A3 = Fooob;
using A4 = Fooob;
using A5 = Fooob;
using A6 = Fooob;
using A7 = Fooob;

void f(A7 a) {}

$ out/gn/bin/clang-cl /c test.cc
$ out/gn/bin/llvm-nm test.obj
 T ?f@@YAXU?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@HH@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1Z
 a @feat.00
$ /usr/bin/time -l out/gn/bin/llvm-undname '?f@@YAXU?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@U?$Fooob@HH@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1@@@U1@U1@U1@U1@U1@U1@U1@U1@U1Z' > tmp.txt

3.93 real 0.76 user 1.15 sys
1459576832  maximum resident set size
 0  average shared memory size
 0  average unshared data size
 0  average unshared stack size
516405  page reclaims
 0  page faults
 0  swaps
 0  block input operations
 0  block output operations
 0  messages sent
 0  messages received
 0  signals received
   943  voluntary context switches
62  involuntary context switches
$ ls -hl tmp.txt
-rw-r--r--  1 thakis  staff   625M Jun  5 08:36 tmp.txt


This grows 10x with each additional A. I can make the backref entries lazy  
and that should save one level of memory use and for this example it'd  
probably cut memory use almost 10x -- but the cc file only needs to grow a  
single additional line to waste that again, and the mangled string will  
only grow by a few bytes for this.


This also isn't llvm-undname specific, llvm-cxxfilt has the same issue:


$ out/gn/bin/clang -c test.cc
$ out/gn/bin/llvm-nm test.o
 T __Z1f5FooobIS_IS_IS_IS_IS_IS_IS_IiiES0_S0_S0_S0_S0_S0_S0_S0_S0_ES1_S1_S1_S1_S1_S1_S1_S1_S1_ES2_S2_S2_S2_S2_S2_S2_S2_S2_ES3_S3_S3_S3_S3_S3_S3_S3_S3_ES4_S4_S4_S4_S4_S4_S4_S4_S4_ES5_S5_S5_S5_S5_S5_S5_S5_S5_ES6_S6_S6_S6_S6_S6_S6_S6_S6_E
$ /usr/bin/time -l out/gn/bin/llvm-cxxfilt _Z1f5FooobIS_IS_IS_IS_IS_IS_IS_IiiES0_S0_S0_S0_S0_S0_S0_S0_S0_ES1_S1_S1_S1_S1_S1_S1_S1_S1_ES2_S2_S2_S2_S2_S2_S2_S2_S2_ES3_S3_S3_S3_S3_S3_S3_S3_S3_ES4_S4_S4_S4_S4_S4_S4_S4_S4_ES5_S5_S5_S5_S5_S5_S5_S5_S5_ES6_S6_S6_S6_S6_S6_S6_S6_S6_E > tmp.txt

5.02 real 2.85 user 0.78 sys
1159876608  maximum resident set size
 0  average shared memory size
 0  average unshared data size
 0  average unshared stack size
316004  page reclaims
16  page faults
 0  swaps
 0  block input operations
 0  block output operations
 0  messages sent
 0  messages received
 0  signals received
   671  voluntary context switches
   189  involuntary context switches
$ ls -hl tmp.txt
-rw-r--r--  1 thakis  staff   552M Jun  5 08:39 tmp.txt



As said, the root cause here is that the output can be exponential in the  
input size. Nobody really wants to have exponentially-sized output from  
their demangler -- the following is just hard to read:


demumble '__Z1f5FooobIS_IS_IiiES0_S0_S0_S0_S0_S0_S0_S0_S0_ES1_S1_S1_S1_S1_S1_S1_S1_S1_E'
f(Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int>, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int> >, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int>, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int> >, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int>, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int> >, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int>, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int> >, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int>, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, int, int, int>, Fooobint, int> >, Fooob,  
Fooob, Fooobint, int, int, int, int, int, int, int>, Fooobint, int, 
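The exponential blow-up described in this comment, as an added example that is not code from LLVM or from the bug thread: a toy parser for a small Itanium-style subset (source names, `I...E` template argument lists, `i` for int, `S_`/`S<n>_` backreferences) that builds the shared parse DAG, computes the rendered size from that DAG before emitting a byte, and refuses any input whose output would exceed a caller-supplied limit. The names `ToyParser`, `Node`, `toyDemangle` and the limit are assumptions of this example, not LLVM's API; the strings it accepts are the page's own `_Z1f5Fooob...` manglings without the Mach-O leading underscore.

```cpp
// Toy model of Itanium-style backreference expansion (added example, not LLVM code).
// Subset: mangled := _Z <len>name <type>* ; type := i | <len>name [I <type>* E] | S[<seq36>]_ [I <type>* E]
// Every source name and template-id becomes a substitution candidate, so a 3-byte S<n>_ can
// stand for arbitrarily large already-parsed text: the parse DAG is linear, the text is not.
#include <cctype>
#include <cstddef>
#include <deque>
#include <stdexcept>
#include <string>
#include <vector>

struct Node {
  std::string name;               // "int" or a template name such as "Fooob"
  std::vector<const Node*> args;  // template arguments, shared rather than copied
  bool templateId; size_t size;   // rendered length, known before any text exists
};

struct ToyParser {
  explicit ToyParser(const std::string& s) : src(s) {}
  std::string src; size_t pos = 2;  // caller has checked the "_Z" prefix
  std::deque<Node> arena;           // stable addresses on push_back
  std::vector<const Node*> subs;    // S_ = subs[0], S0_ = subs[1], S1_ = subs[2], ...
  char peek() const { return pos < src.size() ? src[pos] : '\0'; }
  bool digit() const { return std::isdigit(static_cast<unsigned char>(peek())) != 0; }
  Node* newNode(const std::string& n) { arena.push_back({n, {}, false, n.size()}); return &arena.back(); }
  std::string sourceName() {        // <len>name
    size_t len = 0;
    while (digit()) len = len * 10 + (src[pos++] - '0');
    if (len == 0 || pos + len > src.size()) throw std::runtime_error("bad source name");
    pos += len; return src.substr(pos - len, len);
  }
  const Node* substitution() {      // S_ or S<base-36 seq>_
    size_t seq = 0; bool any = false;
    for (++pos; digit() || std::isupper(static_cast<unsigned char>(peek())); ++pos, any = true)
      seq = seq * 36 + (digit() ? peek() - '0' : peek() - 'A' + 10);
    if (peek() != '_') throw std::runtime_error("unterminated substitution");
    ++pos; size_t idx = any ? seq + 1 : 0;
    if (idx >= subs.size()) throw std::runtime_error("dangling backreference");
    return subs[idx];               // no copy: the same node is referenced again
  }
  const Node* type() {
    if (peek() == 'i') { ++pos; return newNode("int"); }   // builtins are never candidates
    const Node* head;
    if (peek() == 'S') head = substitution();
    else subs.push_back(head = newNode(sourceName()));
    if (peek() != 'I') return head;
    Node* t = newNode(head->name);                          // template-id: I <args> E
    t->templateId = true; t->size += 2;                     // '<' and '>'
    for (++pos; peek() != 'E'; t->size += t->args.back()->size) {
      if (peek() == '\0') throw std::runtime_error("unterminated template args");
      if (!t->args.empty()) t->size += 2;                   // ", "
      t->args.push_back(type());
    }
    ++pos; subs.push_back(t);
    return t;
  }
};

static void render(const Node* n, std::string& out) {
  out += n->name;
  if (!n->templateId) return;
  out += '<';
  for (size_t i = 0; i < n->args.size(); ++i) { if (i) out += ", "; render(n->args[i], out); }
  out += '>';
}

// Demangles into `out` only if the text fits in `limit` bytes. `needed` reports the size
// computed from the DAG (0 if malformed), so a caller can reject pathological inputs first.
bool toyDemangle(const std::string& mangled, size_t limit, std::string& out, size_t& needed) {
  needed = 0; ToyParser p(mangled);
  std::string fn; std::vector<const Node*> params;
  try {
    if (mangled.compare(0, 2, "_Z") != 0) throw std::runtime_error("missing _Z prefix");
    fn = p.sourceName();                                    // a function's own name is not a candidate
    while (p.pos < mangled.size()) params.push_back(p.type());
  } catch (const std::runtime_error& e) { out = std::string("malformed: ") + e.what(); return false; }
  needed = fn.size() + 2;                                   // "fn(" ... ")"
  for (size_t i = 0; i < params.size(); ++i) needed += params[i]->size + (i ? 2 : 0);
  if (needed > limit) { out = "output would be " + std::to_string(needed) + " bytes"; return false; }
  out = fn + "(";
  for (size_t i = 0; i < params.size(); ++i) { if (i) out += ", "; render(params[i], out); }
  out += ')';
  return true;
}
```

In this toy's formatting each extra level multiplies the reported size by 10 and adds 25 bytes while the input grows by 31 bytes, so the page's eight-level A7 name reports roughly 178 MB and is rejected in linear time, before any of it is allocated.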

[llvm-bugs] Issue 14221 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in llvm_llvm-microsoft-demangle-fuzzer

2019-05-26 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14221 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in  
llvm_llvm-microsoft-demangle-fuzzer

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14221#c2

r361744 should fix this.



[llvm-bugs] Issue 14405 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::ms_demangle::Demangler::demangleTemplateParameterList

2019-05-22 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14405 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::ms_demangle::Demangler::demangleTemplateParameterList

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14405#c2

361402 should fix this.



[llvm-bugs] Issue 14426 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: NumBytes > 0

2019-04-24 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14426 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: NumBytes > 0

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14426#c2

http://reviews.llvm.org/rL359109 should fix.



[llvm-bugs] Issue 14404 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !MangledName.empty()

2019-04-22 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14404 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !MangledName.empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14404#c2

http://reviews.llvm.org/rL358891 should fix.



[llvm-bugs] Issue 14386 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: StringByteSize % CharBytes == 0

2019-04-20 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14386 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: StringByteSize % CharBytes == 0

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14386#c2

https://reviews.llvm.org/rL358835 should fix.



[llvm-bugs] Issue 14349 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Direct-leak in llvm::ms_demangle::Demangler::demangleStringLiteral

2019-04-19 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14349 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Direct-leak in  
llvm::ms_demangle::Demangler::demangleStringLiteral

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14349#c2

http://reviews.llvm.org/rL358760 might help.



[llvm-bugs] Issue 14278 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::ms_demangle::StructorIdentifierNode::output

2019-04-16 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14278 by tha...@google.com:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::ms_demangle::StructorIdentifierNode::output

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14278#c2

http://reviews.llvm.org/rL358491 should fix.



[llvm-bugs] Issue 14247 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray

2019-04-16 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14247 by tha...@google.com:  
llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in  
llvm::ms_demangle::Node**  
llvm::ms_demangle::ArenaAllocator::allocArray
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14247#c2

https://reviews.llvm.org/D60774 should fix this.



[llvm-bugs] Issue 14239 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

2019-04-14 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14239 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14239#c2

http://reviews.llvm.org/rL358367 should fix.



[llvm-bugs] Issue 14222 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !MangledName.empty()

2019-04-14 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14222 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !MangledName.empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14222#c2

https://reviews.llvm.org/rL358363 should fix this.



[llvm-bugs] Issue 12429 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

2019-04-12 Thread thavia monorail via llvm-bugs


Comment #7 on issue 12429 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in  
llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12429#c7

I hadn't realized CF's test case had a trailing space, so I claimed I  
discovered this myself when I independently rediscovered this yesterday.  
Fix was http://reviews.llvm.org/rL358239




[llvm-bugs] Issue 14201 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in llvm::ms_demangle::Demangler::demangleTemplateInstantiationName

2019-04-12 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14201 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in  
llvm::ms_demangle::Demangler::demangleTemplateInstantiationName

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14201#c2

Hopefully fixed by http://reviews.llvm.org/rL358234



[llvm-bugs] Issue 14206 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

2019-04-12 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14206 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14206#c2

Should be fixed in http://reviews.llvm.org/rL358238 (which I found a bit  
before CF).




[llvm-bugs] Issue 14160 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference WRITE in llvm::ms_demangle::Demangler::parse

2019-04-10 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14160 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference WRITE in  
llvm::ms_demangle::Demangler::parse

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14160#c2

Fix: http://reviews.llvm.org/rL358112



[llvm-bugs] Issue 14121 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

2019-04-07 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14121 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14121#c2

Fix: https://reviews.llvm.org/D60354



[llvm-bugs] Issue 14123 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference WRITE in llvm::ms_demangle::Demangler::demangleMemberPointerType

2019-04-07 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14123 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference WRITE in  
llvm::ms_demangle::Demangler::demangleMemberPointerType

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14123#c2

Fix: https://reviews.llvm.org/D60354



[llvm-bugs] Issue 14122 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::microsoftDemangle

2019-04-07 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14122 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::microsoftDemangle

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14122#c2

Fix: https://reviews.llvm.org/D60354



[llvm-bugs] Issue 14084 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::ms_demangle::ConversionOperatorIdentifierNode::output

2019-04-07 Thread thavia monorail via llvm-bugs


Comment #2 on issue 14084 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::ms_demangle::ConversionOperatorIdentifierNode::output

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14084#c2

Fix: https://reviews.llvm.org/D60354



[llvm-bugs] Issue 12428 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

2019-04-05 Thread thavia monorail via llvm-bugs


Comment #7 on issue 12428 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12428#c7

Hooray, the fix (https://reviews.llvm.org/rL357647) worked. Can someone  
close this?




[llvm-bugs] Issue 13260 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in llvm_llvm-microsoft-demangle-fuzzer

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #3 on issue 13260 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in  
llvm_llvm-microsoft-demangle-fuzzer

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13260#c3

Fix for all of these: https://reviews.llvm.org/D60207



[llvm-bugs] Issue 13260 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in llvm_llvm-microsoft-demangle-fuzzer

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #2 on issue 13260 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Out-of-memory in  
llvm_llvm-microsoft-demangle-fuzzer

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13260#c2

The original test case is '? @@   YMMC@'

The slightly shorter one '? @@   YC@' causes a crash.

The even shorter one '? @@   YMMMC@' causes an assert, as does '? @@   YC@'.



[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #4 on issue 12897 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in  
llvm::ms_demangle::Node**  
llvm::ms_demangle::ArenaAllocator::allocArray
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897#c4

https://reviews.llvm.org/D60202 fixes at least the repro case attached to  
this bug.


I don't have permissions to view  
https://oss-fuzz.com/testcase-detail/5647811742269440 so I can't check if  
other cases still trigger this.




[llvm-bugs] Issue 12432 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: QN->Components->Count >= 2

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #5 on issue 12432 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: QN->Components->Count >= 2

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12432#c5

Fix: https://reviews.llvm.org/D60206



[llvm-bugs] Issue 12429 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #5 on issue 12429 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Global-buffer-overflow in  
llvm::ms_demangle::Demangler::demangleFunctionIdentifierCode

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12429#c5

Fix: https://reviews.llvm.org/D60204



[llvm-bugs] Issue 12428 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #5 on issue 12428 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: ASSERT: !empty()

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12428#c5

Fix: https://reviews.llvm.org/D60204



[llvm-bugs] Issue 12435 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::ms_demangle::Demangler::demangleVariableEncoding

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #5 on issue 12435 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::ms_demangle::Demangler::demangleVariableEncoding

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12435#c5

Fix: https://reviews.llvm.org/D60202



[llvm-bugs] Issue 12438 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in llvm::microsoftDemangle

2019-04-03 Thread thavia monorail via llvm-bugs


Comment #5 on issue 12438 by tha...@chromium.org:  
llvm/llvm-microsoft-demangle-fuzzer: Null-dereference READ in  
llvm::microsoftDemangle

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12438#c5

Fix: https://reviews.llvm.org/D60202
