[Bug demangler/105039] rust demangler stack overflow
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039

Nick Clifton changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Nick Clifton ---
Patch applied.

[Bug demangler/105039] rust demangler stack overflow
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #1 from Nick Clifton ---
Proposed patch submitted here:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html

[Bug demangler/98886] stack overflow in cxxfilt, demangle_type, rust-demangle.c:854
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98886

Nick Clifton changed:

           What    |Removed                     |Added
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #12 from Nick Clifton ---
Fixed on mainline.

[Bug demangler/99935] Stack exhaustion demangling rust mangled name
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

Nick Clifton changed:

           What    |Removed                     |Added
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Nick Clifton ---
Fixed on mainline.

[Bug demangler/98886] stack overflow in cxxfilt, demangle_type, rust-demangle.c:854
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98886

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #10 from Nick Clifton ---
A patch to fix this problem has been proposed on gcc-patches:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589277.html

[Bug demangler/99935] Stack exhaustion demangling rust mangled name
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #9 from Nick Clifton ---
A revised patch to fix this PR has been proposed on gcc-patches:

  https://gcc.gnu.org/pipermail/gcc-patches/2022-January/589277.html

[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #8 from Nick Clifton ---
(In reply to Michael Matz from comment #7)
> Actually, it _is_ fixed. This problem report is about version 2.26, which
> is many
> years old. Current versions don't have this problem, at the very least when
> the problematic code was removed whole-sale in late 2018/early 2019.

Just checked - the problem is fixed in 2.27 and all later versions

[Bug demangler/99935] Stack exhaustion demangling rust mangled name
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #3 from Nick Clifton ---
(In reply to Jonathan Wakely from comment #2)
> This patch breaks MinGW, see PR 101779

But it can be fixed by:

  https://sourceware.org/bugzilla/show_bug.cgi?id=28207

[Bug demangler/101779] Compilation of rust-demangle.c fails on MinGW
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101779

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #4 from Nick Clifton ---
Note - this bug has been reported and fixed in the binutils copy of the
libiberty sources:

  https://sourceware.org/bugzilla/show_bug.cgi?id=28207

[Bug demangler/100968] libiberty: stuck in infinite loop in nm-new while demangling rust symbols
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #1 from Nick Clifton ---
Created attachment 51156
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51156&action=edit
Proposed patch

I think that this PR is a duplicate of 99935. The patch for that PR
(attached here) also fixes this problem.

[Bug demangler/99935] Stack exhaustion demangling rust mangled name
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

--- Comment #1 from Nick Clifton ---
Created attachment 50777
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50777&action=edit
Proposed patch

Here is a possible patch for the problem, adding a recursion limit to the
demangle_path() function.

Note - a variation of this bug appears to have been reported on the Ubuntu
mailing lists with a different reproducer:

  https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348

[Bug demangler/100177] New: Rust demangler tests fail on big-endian hosts
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100177

            Bug ID: 100177
           Summary: Rust demangler tests fail on big-endian hosts
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nickc at gcc dot gnu.org
  Target Milestone: ---

The rust portion of the libiberty testsuite fails when run on a big-endian
host:

  ./test-demangle < ./libiberty/testsuite/rust-demangle-expected
  FAIL at line 222, options --format=rust:
  in: _RMCs4fqI2P2rA04_13const_genericINtB0_4CharKc76_E
  out: >
  FAIL at line 285, options --format=auto:
  in: _RMCs4fqI2P2rA04_13const_genericINtB0_4CharKc76_E
  out: >
  ./test-demangle: 68 tests, 2 failures

The same failures do not happen when the tests are run on a little endian
host.

This problem appears to have existed for at least a few months and was
recently reported on the binutils bugzilla system:

  https://sourceware.org/bugzilla/show_bug.cgi?id=27751

[Bug demangler/99935] New: Stack exhaustion demangling rust mangled name
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935

            Bug ID: 99935
           Summary: Stack exhaustion demangling rust mangled name
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nickc at gcc dot gnu.org
  Target Milestone: ---

The rust demangler can be pushed into an infinite loop, triggering stack
exhaustion:

  % cat pr27963
  # Reproduced from binutils PR 27963.
  # Note - the expected output is wrong. It is just there as a placeholder.
  --format=rust
  _RIMBALO_suB_I__Z5printi
  fred

  % valgrind ./testsuite/test-demangle < pr27963
  [...]
  ==429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
  [...]
  =429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
  ==429737==at 0x410BA7: demangle_path (rust-demangle.c:742)
  [...]
  Segmentation fault (core dumped)

[Bug demangler/88629] Regression lead to Heap-buffer-overflow problem in function d_expression_1 in cp-demangle.c, as demonstrated by c++filt
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629

Nick Clifton changed:

           What    |Removed                     |Added
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #13 from Nick Clifton ---
(In reply to prajwapa from comment #12)
> Could you please let me know, in which binutils version is this fixed?

Not really. I can confirm that the test cases do not fail when tested with
binutils 2.35 (with sanitization enabled) and with any binutils all the way
back to 2.30 if sanitization is not enabled.

Given that the bug was reported in 2018-12 and assuming that it was fixed at
some point in the 6 months after that, then the nearest binutils release that
would have included the fix is 2.33.

I hope that this helps.

Cheers
  Nick