Bug 88539 - A memory leak issue was discovered in cplus-dem.c
Summary: A memory leak issue was discovered in cplus-dem.c
Status: RESOLVED WONTFIX
Alias: None
Product: gcc
Classification: Unclassified
Component: demangler (show other bugs)
Version: unknown
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-18 15:04 UTC by Cheng Wen
Modified: 2019-01-09 16:06 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed:

Attachments
POC1 (162 bytes, application/octet-stream)
2018-12-18 15:04 UTC, Cheng Wen 		Details
POC2 (130 bytes, application/octet-stream)
2018-12-18 15:04 UTC, Cheng Wen 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Cheng Wen 2018-12-18 15:04:24 UTC 
Created attachment 45255 [details]
POC1

Hi there,

A memory leak issue was discovered in cplus-dem.c, as distributed in GNU Binutils 2.31. 
In demangle_template function in cplus-dem.c, the are many heap allocations. But these heap allocations didn't deallocate in the end. 

Please use the "./cxxfilt -t < $POC" to reproduce the bug.
To reproduce this bug. You need to build bintuils-2.31 with ASAN, setting following Command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1


The Leak Sanitizer dumps the stack trace as follows:

> =================================================================
> ==16096==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7cf501 in demangle_template cplus-dem.c:2228
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Indirect leak of 2 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7d0439 in demangle_template cplus-dem.c:2327
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 10 byte(s) leaked in 2 allocation(s).
Comment 1 Cheng Wen 2018-12-18 15:04:37 UTC 
Created attachment 45256 [details]
POC2
Comment 2 nsl 2019-01-02 16:37:31 UTC 
This looks to be CVE-2018-20657.
Comment 3 Nick Clifton 2019-01-09 16:06:00 UTC 
Sorry, but a leak of 10 bytes is just not serious enough to be worth
worrying about.  Especially when these programs do not run continuously
but instead terminate shortly after they are invoked.