https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99189
Bug ID: 99189
Summary: cxxfilt may contain a UAF
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: zyt1024 at bupt dot edu.cn
Target Milestone: ---

In version 2.26 of cxxfilt, Valgrind reports an invalid write of size 4.

# valgrind ./cxxfilt `cat cxxfilt_12.29-12.30-24h-run3/error_level/level-2-26-g64.txt`
==24019== Memcheck, a memory error detector
==24019== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==24019== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==24019== Command: ./cxxfilt ._Q0AEQW__Jd3__^xewx_v6_$_[_O_2C__:
==24019==
==24019== Invalid write of size 4
==24019==    at 0x813A8E5: register_Btype (cplus-dem.c:4319)
==24019==    by 0x8139F8C: demangle_fund_type (cplus-dem.c:4015)
==24019==    by 0x813984F: do_type (cplus-dem.c:3811)
==24019==    by 0x813A5B4: do_arg (cplus-dem.c:4231)
==24019==    by 0x813ADA9: demangle_args (cplus-dem.c:4514)
==24019==    by 0x8135A90: demangle_signature (cplus-dem.c:1642)
==24019==    by 0x8134D07: internal_cplus_demangle (cplus-dem.c:1203)
==24019==    by 0x8134466: cplus_demangle (cplus-dem.c:886)
==24019==    by 0x8049A23: demangle_it (cxxfilt.c:62)
==24019==    by 0x8049E21: main (cxxfilt.c:227)
==24019==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24019==
==24019== ..
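The Valgrind run above is the reporter's own. What follows is an added triage script written for this page; it is not part of the bug report, of binutils or of GCC. It parses Memcheck output of the shape shown above, keeps the faulting stack separate from the auxiliary "free'd at" / "alloc'd at" stacks, and classifies each error from the "Address ..." line: Memcheck prints "is N bytes inside a block of size M free'd" when the target lies in a freed heap block, and "is not stack'd, malloc'd or (recently) free'd" when it knows nothing about the address, which for an address below the first page is a NULL-based write. The sample log is constructed: its first error is the trace from this report, its second is an invented use-after-free with a hypothetical `worker`/`demo.c` added for contrast. The function names, regular expressions and classification thresholds are this example's own assumptions, not Valgrind's API.

```python
"""Triage helper for Valgrind Memcheck logs (added example, not GCC/binutils code).

Splits a Memcheck log into individual errors, records the stack at the fault
separately from the auxiliary stacks Memcheck prints after the "Address" line,
and classifies each error from that line.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "==PID== Invalid write of size 4" (read/write errors only; other kinds are ignored here)
ERROR_RE = re.compile(r"^==\d+==\s+(Invalid (?:read|write) of size \d+)\s*$")
# "==PID==    at 0x813A8E5: register_Btype (cplus-dem.c:4319)" or "... by 0x...: func (loc)"
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) (0x[0-9A-Fa-f]+): (.+?) \(([^)]*)\)\s*$")
# "==PID==  Address 0x0 is not stack'd, malloc'd or (recently) free'd"
ADDR_RE = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) (.*?)\s*$")

Frame = Tuple[int, str, str]  # (pc, function, "file:line" or module)


@dataclass
class MemcheckError:
    kind: str
    frames: List[Frame] = field(default_factory=list)      # stack at the faulting access
    aux_frames: List[Frame] = field(default_factory=list)  # free'd-at / alloc'd-at stacks
    address: Optional[int] = None
    address_note: str = ""

    def top(self) -> Frame:
        """Innermost frame of the faulting stack."""
        return self.frames[0]

    def classify(self) -> str:
        """Bucket the error by what Memcheck says about the target address.

        Thresholds and labels are this example's own choices."""
        note = self.address_note
        if "inside a block of size" in note and "free'd" in note:
            return "use-after-free"
        if self.address is not None and self.address < 0x1000:
            return "null-pointer dereference"  # first page is never mapped on Linux
        if "not stack'd, malloc'd or (recently) free'd" in note:
            return "wild pointer"
        return "unclassified"


def parse_memcheck(text: str) -> List[MemcheckError]:
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    in_aux = False  # True once the "Address" line has been seen for the current error
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            current = MemcheckError(kind=m.group(1))
            errors.append(current)
            in_aux = False
            continue
        if current is None:
            continue  # banner lines before the first error
        m = ADDR_RE.match(line)
        if m:
            current.address = int(m.group(1), 16)
            current.address_note = m.group(2)
            in_aux = True
            continue
        m = FRAME_RE.match(line)
        if m:
            frame = (int(m.group(1), 16), m.group(2), m.group(3))
            (current.aux_frames if in_aux else current.frames).append(frame)
    return errors


def summarize(errors: List[MemcheckError]) -> List[str]:
    """One line per error: kind, innermost frame, classification."""
    out = []
    for e in errors:
        where = f"{e.top()[1]} ({e.top()[2]})" if e.frames else "<no stack>"
        out.append(f"{e.kind} in {where}: {e.classify()}")
    return out


# Constructed sample: error 1 is the trace from this report, error 2 is an invented
# use-after-free (hypothetical worker/demo.c) in the shape Memcheck prints.
SAMPLE_LOG = """\
==24019== Memcheck, a memory error detector
==24019== Command: ./cxxfilt ._Q0AEQW__Jd3__^xewx_v6_$_[_O_2C__:
==24019==
==24019== Invalid write of size 4
==24019==    at 0x813A8E5: register_Btype (cplus-dem.c:4319)
==24019==    by 0x8139F8C: demangle_fund_type (cplus-dem.c:4015)
==24019==    by 0x813984F: do_type (cplus-dem.c:3811)
==24019==    by 0x813A5B4: do_arg (cplus-dem.c:4231)
==24019==    by 0x813ADA9: demangle_args (cplus-dem.c:4514)
==24019==    by 0x8135A90: demangle_signature (cplus-dem.c:1642)
==24019==    by 0x8134D07: internal_cplus_demangle (cplus-dem.c:1203)
==24019==    by 0x8134466: cplus_demangle (cplus-dem.c:886)
==24019==    by 0x8049A23: demangle_it (cxxfilt.c:62)
==24019==    by 0x8049E21: main (cxxfilt.c:227)
==24019==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==24019==
==4242== Invalid write of size 4
==4242==    at 0x10916A: worker (demo.c:12)
==4242==    by 0x1091A7: main (demo.c:20)
==4242==  Address 0x4a4a040 is 0 bytes inside a block of size 16 free'd
==4242==    at 0x484B27F: free (vg_replace_malloc.c:872)
==4242==    by 0x10915D: worker (demo.c:11)
==4242==    by 0x1091A7: main (demo.c:20)
==4242==  Block was alloc'd at
==4242==    at 0x4848899: malloc (vg_replace_malloc.c:381)
==4242==    by 0x109150: worker (demo.c:9)
==4242==    by 0x1091A7: main (demo.c:20)
"""

if __name__ == "__main__":
    for line in summarize(parse_memcheck(SAMPLE_LOG)):
        print(line)
```

Feed it a real log with `parse_memcheck(open("valgrind.log").read())`; the innermost frame of `frames` is the place to start reading the source, and a non-empty `aux_frames` on a use-after-free tells you where the block was freed.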