Describe the bug
Applying the reproducer from https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78252 (2016) leads to unbounded recursion in d_print_comp and a stack overflow (EXC_BAD_ACCESS).

To Reproduce
```
lldb ./GPL/DemanglerGnu/os/osx64/demangler_gnu "_ZSt7forwardIRZN8abcdefgh6abcdef15abcde_abcdefghi12_GLOBAL__N_116abcdefAbcdefghijERSt6vectorIPNS1_16abcde_abcdefghij24AbdefAbcdefghijAbcdefghiESaIS7_EEmdEUlRT_E3_EOSB_RNSt16abcdef_abcdefghiISB_E4typeE"
[..]
thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x7ffeef3fff18)
    frame #0: 0x00000001000052ce demangler_gnu`d_print_comp + 94
demangler_gnu`d_print_comp:
->  0x1000052ce <+94>:  call   0x100007d10               ; d_print_saw_error
    0x1000052d3 <+99>:  cmp    eax, 0x0
    0x1000052d6 <+102>: je     0x1000052e1               ; <+113>
    0x1000052dc <+108>: jmp    0x100007b21               ; <+10417>
Target 0: (demangler_gnu) stopped.
[...]
    frame #11125: 0x00000001000054c7 demangler_gnu`d_print_comp + 599
    frame #11126: 0x0000000100006301 demangler_gnu`d_print_comp + 4241
    frame #11127: 0x00000001000069d6 demangler_gnu`d_print_comp + 5990
    frame #11128: 0x0000000100007a29 demangler_gnu`d_print_comp + 10169
    frame #11129: 0x00000001000054c7 demangler_gnu`d_print_comp + 599
    frame #11130: 0x0000000100006301 demangler_gnu`d_print_comp + 4241
    frame #11131: 0x00000001000069d6 demangler_gnu`d_print_comp + 5990
    frame #11132: 0x0000000100007a29 demangler_gnu`d_print_comp + 10169
    frame #11133: 0x00000001000054c7 demangler_gnu`d_print_comp + 599
    frame #11134: 0x0000000100006301 demangler_gnu`d_print_comp + 4241
    frame #11135: 0x00000001000064fb demangler_gnu`d_print_comp + 4747
    frame #11136: 0x00000001000058fd demangler_gnu`d_print_comp + 1677
    frame #11137: 0x000000010000516a demangler_gnu`cplus_demangle_print_callback + 106
    frame #11138: 0x000000010000832b demangler_gnu`d_demangle_callback + 747
    frame #11139: 0x0000000100007f91 demangler_gnu`d_demangle + 65
    frame #11140: 0x0000000100007f3f demangler_gnu`cplus_demangle_v3 + 31
    frame #11141: 0x00000001000103cc demangler_gnu`cplus_demangle + 188
    frame #11142: 0x0000000100011b42 demangler_gnu`demangle_it + 130
    frame #11143: 0x000000010001164b demangler_gnu`main + 507
    frame #11144: 0x00007fff6b67c3d5 libdyld.dylib`start + 1
```

Expected behavior
Process the input and exit with a proper return value.

Environment (please complete the following information):

Additional context
The demangler version shipped with Ghidra seems out of date; rebasing onto a newer libiberty may reduce the attack surface. Upstream fixed this with https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=243568
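A recursion-depth guard in the spirit of the upstream fix referenced above, shown as an added example on a constructed component tree (this is illustration code, not libiberty's or Ghidra's; the tree layout, the MAX_RECURSION value and all function names are assumptions). A tree whose argument refers back to the template that contains it would otherwise recurse until the stack is exhausted, exactly the failure mode in the backtrace; with the guard it is reported as an error and the caller gets a return value.

```c
#include <string.h>
/* Constructed component tree, loosely modelled on a demangler's output tree:
 * TEMPLATE prints "left<right>", ARG just forwards to its left child. */
enum comp_type { COMP_NAME, COMP_TEMPLATE, COMP_ARG };
struct comp { enum comp_type type; const char *name; const struct comp *left, *right; };
#define MAX_RECURSION 1024  /* hypothetical depth bound */
#define ERR_BUFFER    1     /* output buffer exhausted */
#define ERR_RECURSION 2     /* depth bound hit: cyclic or absurdly deep tree */
struct printer { char *buf; size_t cap, len; int depth, error; };
static void emit(struct printer *p, const char *s)
{
    size_t n = strlen(s);
    if (p->error) return;
    if (p->len + n + 1 > p->cap) { p->error = ERR_BUFFER; return; }
    memcpy(p->buf + p->len, s, n + 1); p->len += n;
}

static void print_comp(struct printer *p, const struct comp *c)
{
    if (c == NULL || p->error) return;
    /* Guard: fail instead of recursing until the stack is exhausted (the report's EXC_BAD_ACCESS). */
    if (p->depth >= MAX_RECURSION) { p->error = ERR_RECURSION; return; }
    p->depth++;
    switch (c->type) {
    case COMP_NAME:     emit(p, c->name); break;
    case COMP_TEMPLATE: print_comp(p, c->left); emit(p, "<");
                        print_comp(p, c->right); emit(p, ">"); break;
    case COMP_ARG:      print_comp(p, c->left); break;
    }
    p->depth--;
}

/* Returns 0 and fills out[] on success, or -ERR_* on failure. */
int print_tree(const struct comp *root, char *out, size_t outsz)
{
    struct printer p = { out, outsz, 0, 0, 0 };
    if (outsz) out[0] = '\0';
    print_comp(&p, root);
    return p.error ? -p.error : 0;
}
/* Constructed inputs: a well-formed std::vector<int>, and a tree whose
 * argument points back at the template containing it (a cycle). */
static const struct comp c_int    = { COMP_NAME, "int", NULL, NULL };
static const struct comp c_vector = { COMP_NAME, "std::vector", NULL, NULL };
static const struct comp t_good   = { COMP_TEMPLATE, NULL, &c_vector, &c_int };
extern const struct comp t_cyc;
static const struct comp a_cyc    = { COMP_ARG, NULL, &t_cyc, NULL };
const struct comp t_cyc           = { COMP_TEMPLATE, NULL, &c_vector, &a_cyc };
int demo_good(char *out, size_t n)  { return print_tree(&t_good, out, n); }
int demo_cycle(char *out, size_t n) { return print_tree(&t_cyc, out, n); }
```

The cyclic tree yields -ERR_RECURSION once the depth bound is reached (or -ERR_BUFFER first if the output buffer is small), so a caller can treat either as a failed demangle rather than crashing.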
As the similar bug #1451 states, the demangler is 10 years old, so this also falls under CWE-937 [1].
[1] https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities
cd7a6e2
dragonmacher