[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Pavel Mayorov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pmayorov at cloudlinux dot com

--- Comment #9 from Pavel Mayorov ---
If it's still important for someone, then this is a duplicate of bug 67394
(CVE-2016-4487), which was solved by bug 70481 (CVE-2016-4488).
So for version 2.26 use the patch
https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=9e6edb946c0e9a2c530fbae3eeace148eca0de33.
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at gcc dot gnu.org

--- Comment #8 from Nick Clifton ---
(In reply to Michael Matz from comment #7)
> Actually, it _is_ fixed. This problem report is about version 2.26, which
> is many years old. Current versions don't have this problem, at the very
> least when the problematic code was removed wholesale in late 2018/early
> 2019.

Just checked - the problem is fixed in 2.27 and all later versions.
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Michael Matz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
                 CC|                            |matz at gcc dot gnu.org

--- Comment #7 from Michael Matz ---
Actually, it _is_ fixed. This problem report is about version 2.26, which is
many years old. Current versions don't have this problem, at the very least
when the problematic code was removed wholesale in late 2018/early 2019.
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

--- Comment #6 from Martin Liška ---
(In reply to zhangyuntao from comment #5)
> “Ok, the input is garbage.”
> Do you mean the input is not a crash to cxxfilt? Why does the program crash?

It likely makes cxxfilt crash. I'm just saying it's likely a product of a
fuzzer and it's very unlikely to be fixed.
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

--- Comment #5 from zhangyuntao ---
“Ok, the input is garbage.”
Do you mean the input is not a crash to cxxfilt? Why does the program crash?
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW
           Keywords|                            |ice-on-invalid-code

--- Comment #4 from Martin Liška ---
Ok, the input is garbage.
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

--- Comment #3 from zhangyuntao ---
Created attachment 50230
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=50230&action=edit
PoC
[Bug demangler/99188] cxxfilt may exist a uaf
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Martin Liška changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
                 CC|                            |marxin at gcc dot gnu.org
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2021-02-22

--- Comment #2 from Martin Liška ---
Please attach the input.