> On 22/09/2021 03:10 Luís Ferreira <cont...@lsferreira.net> wrote: > > > Currently a stack/heap overflow may happen if a crafted mangle is > maliciously used to cause denial of service, such as intentional > crashes > by accessing a reserved memory space. >
Hi, Thanks for this. Is there a test that could trigger this code path? Iain. > Signed-off-by: Luís Ferreira <cont...@lsferreira.net> > --- > libiberty/d-demangle.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c > index a2152cc65518..7ded3e2a2563 100644 > --- a/libiberty/d-demangle.c > +++ b/libiberty/d-demangle.c > @@ -381,7 +381,7 @@ dlang_symbol_backref (string *decl, const char > *mangled, > > /* Must point to a simple identifier. */ > backref = dlang_number (backref, &len); > - if (backref == NULL) > + if (backref == NULL || strlen(backref) < len) > return NULL; > > backref = dlang_lname (decl, backref, len);