On Wed, Dec 12, 2018 at 3:40 AM Nick Clifton <ni...@redhat.com> wrote:
>
>   *sigh* 5 minutes after sending the patch for this PR, I realised that
>    I had made a mistake.  I should have conditionalized the limit on the
>    number of supported qualifiers, so that the check is only made if we
>    have resource limits enabled.  Like this:
>
> Cheers
>   Nick
>
> Index: libiberty/cplus-dem.c
> ===================================================================
> --- libiberty/cplus-dem.c       (revision 267043)
> +++ libiberty/cplus-dem.c       (working copy)
> @@ -3443,6 +3443,20 @@
>        success = 0;
>      }
>
> +  if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0)
> +    {
> +      /* PR 87241: Catch malicious input that will try to trick this code 
> into
> +        allocating a ridiculous amount of memory via the remember_Ktype()
> +        function.
> +        The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary.  
> Possibly
> +        a better solution would be to track how much memory remember_Ktype
> +        allocates and abort when some upper limit is reached.  */
> +      if (qualifiers > DEMANGLE_RECURSION_LIMIT)
> +       /* FIXME: We ought to have some way to tell the user that
> +          this limit has been reached.  */
> +       success = 0;
> +    }
> +
>    if (!success)
>      return success;
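
Review bot: The new `qualifiers > DEMANGLE_RECURSION_LIMIT` test reuses a constant named for recursion depth as a cap on a qualifier count, and because it sits under `(work->options & DMGL_NO_RECURSE_LIMIT) == 0`, that option now also switches off the PR 87241 allocation guard. Neither coupling is visible from the option or constant names. I would suggest documenting alongside DMGL_NO_RECURSE_LIMIT that it disables this memory-exhaustion check as well, so callers who set it while demangling untrusted input know they lose the protection against oversized remember_Ktype() allocations. A separately named limit for the qualifier count would also help. As the FIXME notes, the rejection is reported only as `success = 0`, so a caller cannot distinguish "limit reached" from an ordinary malformed name. A distinct status would make this case diagnosable.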


This is OK.

Thanks.

I thought we were removing the old demangling schemes?

Ian
