[Bug c++/87335] New: The stack overflow in function cplus_demangle_type in cp-demangle.c:2565 (c++filt -t)

Mon, 17 Sep 2018 07:57:03 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335

            Bug ID: 87335
           Summary: The stack overflow in function cplus_demangle_type in
                    cp-demangle.c:2565 (c++filt -t)
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: wcventure at 126 dot com
  Target Milestone: ---

Created attachment 44706
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=44706&action=edit
Stack_overflow_in_c++filt-t

Hi,

We have found a stack overflow in function cplus_demangle_type in
cp-demangle.c:2565 in c++filt of the latest binutils code base. 

Here is the POC file. Please use the “c++filt -t < $POC ” to reproduce the bug.
Thank you very much.


Command:“c++filt -t < $POC ” (Please remember to use the option -t)

AddressSanitizer:DEADLYSIGNAL
=================================================================
==21814==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcafaefbc0 (pc
0x0000008d3eb1 bp 0x7ffcafaf02d0 sp 0x7ffcafaefbc0 T0)
    #0 0x8d3eb0 in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2367
    #1 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #2 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #3 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #4 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #5 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #6 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #7 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #8 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #9 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    ...
    ...
    ...
    #246 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #247 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #248 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #249 0x8d523c in cplus_demangle_type
/binutils-2.31/libiberty/./cp-demangle.c:2565:5

SUMMARY: AddressSanitizer: stack-overflow
/binutils-2.31/libiberty/./cp-demangle.c:2367 in cplus_demangle_type
==21814==ABORTING
Aborted

Reply via email to