https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83472
Bug ID: 83472 Summary: Signed Integer Overflow - 38176028 Product: gcc Version: unknown Status: UNCONFIRMED Severity: normal Priority: P3 Component: demangler Assignee: unassigned at gcc dot gnu.org Reporter: security-tps at google dot com Target Milestone: --- Created attachment 42909 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=42909&action=edit PoC + Dockerfile Filing here per: https://sourceware.org/bugzilla/show_bug.cgi?id=22610 Hello binutils team, As part of our fuzzing efforts at Google, we have identified an issue affecting binutils (tested with revision * master 79e741920446582bd0e09f3e2b9f899c258efa56). To reproduce, we are attaching a Dockerfile which compiles the project with LLVM, taking advantage of the sanitizers that it offers. More information about how to use the attached Dockerfile can be found here: https://docs.docker.com/engine/reference/builder/ TL;DR instructions: * `mkdir project` * `cp Dockerfile /path/to/project` * `docker build --no-cache /path/to/project` * `docker run -it image_id_from_docker_build` From another terminal, outside the container: `docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer` (reference: https://docs.docker.com/engine/reference/commandline/cp/) And, back inside the container: `/fuzzing/repro.sh /fuzzing/reproducer` Alternatively, and depending on the bug, you could use gcc, valgrind or other instrumentation tools to aid in the investigation. The sanitizer error that we encountered is here: /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3597:10: runtime error: signed integer overflow: 777777777 * 10 cannot be represented in type 'int' SUMMARY: AddressSanitizer: undefined-behavior /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3597:10 in We will gladly work with you so you can successfully confirm and reproduce this issue. Do let us know if you have any feedback surrounding the documentation. Once you have reproduced the issue, we'd appreciate to learn your expected timeline for an update to be released. With any fix, please attribute the report to "Google Autofuzz project". We are also pleased to inform you that your project is eligible for inclusion to the OSS-Fuzz project, which can provide additional continuous fuzzing, and encourage you to investigate integration options. Don't hesitate to let us know if you have any questions! Google AutoFuzz Team