[Bug demangler/110147] UBSAN error in rust-demangle.c: NULL pointer passed to memcpy

2023-06-06 Thread lukas.dresel at cs dot ucsb.edu via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110147

--- Comment #1 from lukas.dresel at cs dot ucsb.edu ---
The invocation was `rust_demangle(mangled=0x18140ad "_RYC0.vdj\\lc[kniso,bz", options=0x103)`.

The original bug report to binutils can be found here with more details:
https://sourceware.org/bugzilla/show_bug.cgi?id=30507

[Bug demangler/110147] New: UBSAN error in rust-demangle.c: NULL pointer passed to memcpy

2023-06-06 Thread lukas.dresel at cs dot ucsb.edu via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110147

            Bug ID: 110147
           Summary: UBSAN error in rust-demangle.c: NULL pointer passed to memcpy
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: lukas.dresel at cs dot ucsb.edu
  Target Milestone: ---

This was discovered using our hybrid fuzzer originally on `binutils` `nm-new`.

It appears to be caused by passing the string "_RYC0.vdj\\lc[kniso,bz" to
`rust_demangle`.

In the second invocation of `str_buf_append`, the `memcpy` src pointer is set
to NULL.

I have added the attached `nm-new` binary with debug symbols which exhibits the
error, and the reproducing testcase. The above string was extracted from gdb.
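A hardened append helper in the spirit of the `str_buf_append` named in the report, as an added example that is not the libiberty code: the struct and function names are hypothetical, and the two early returns are what keep a NULL source pointer away from `memcpy`, since the C standard makes that call undefined even when the length is 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string buffer, modelled loosely on the helper
   named in the bug report; example code, not the libiberty implementation. */
struct str_buf {
    char *ptr;   /* NUL-terminated contents, or NULL before the first append */
    size_t len;  /* bytes in use, excluding the terminator */
    size_t cap;  /* bytes allocated */
};

static void str_buf_init(struct str_buf *buf)
{
    buf->ptr = NULL;
    buf->len = 0;
    buf->cap = 0;
}

static void str_buf_free(struct str_buf *buf)
{
    free(buf->ptr);
    str_buf_init(buf);
}

/* Append len bytes from src.  Returns 0 on success, -1 on a bad argument
   or allocation failure.  A zero-length append returns before memcpy is
   reached, so a NULL src with len == 0 (the UBSAN finding) is harmless;
   a NULL src with len > 0 is a caller bug and is refused. */
static int str_buf_append(struct str_buf *buf, const char *src, size_t len)
{
    if (len == 0)
        return 0;
    if (src == NULL)
        return -1;
    if (len > SIZE_MAX - buf->len - 1)
        return -1;   /* would overflow the size computation below */

    if (buf->len + len + 1 > buf->cap) {
        size_t want = buf->cap ? buf->cap : 16;
        while (want < buf->len + len + 1)
            want *= 2;
        char *grown = realloc(buf->ptr, want);
        if (grown == NULL)
            return -1;
        buf->ptr = grown;
        buf->cap = want;
    }
    memcpy(buf->ptr + buf->len, src, len);
    buf->len += len;
    buf->ptr[buf->len] = '\0';
    return 0;
}
```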