Created attachment 45255: POC1

Hi there,

A memory leak issue was discovered in cplus-dem.c, as distributed in GNU Binutils 2.31. In the demangle_template function in cplus-dem.c, there are many heap allocations, but these heap allocations are not deallocated in the end.

Please use "./cxxfilt -t < $POC" to reproduce the bug.

To reproduce this bug, you need to build binutils-2.31 with ASAN, setting the following command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1

The Leak Sanitizer dumps the stack trace as follows:

> =================================================================
> ==16096==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7cf501 in demangle_template cplus-dem.c:2228
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>
> Indirect leak of 2 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7d0439 in demangle_template cplus-dem.c:2327
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>
> SUMMARY: AddressSanitizer: 10 byte(s) leaked in 2 allocation(s).
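A small triage helper for reports in this LeakSanitizer format, added here as an example (it is not binutils code and not from the reporter). It assumes the standard LSan text layout shown above, distinguishes direct from indirect leaks, locates the first frame below the allocator wrappers, checks the per-leak sizes against the SUMMARY line, and uses the two leak blocks above as a constructed sample:

```python
"""Triage helper for a LeakSanitizer report (added example, not binutils code): parses the
'Direct/Indirect leak' blocks and SUMMARY line, and locates each leak's site below the allocator."""
import re
from dataclasses import dataclass, field
LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^#\d+\s+0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY_RE = re.compile(r"(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
ALLOCATOR = {"malloc", "calloc", "realloc", "xmalloc", "xcalloc", "xrealloc"}  # wrappers, not sites

@dataclass
class Leak:
    kind: str       # "Direct": root object; "Indirect": only reachable through another leaked object
    nbytes: int
    nobjects: int
    frames: list = field(default_factory=list)  # (function, location), innermost frame first
    def site(self):  # first frame that is not an allocator wrapper, i.e. who asked for the block
        return next((f"{fn} {loc}" for fn, loc in self.frames if fn not in ALLOCATOR), "<unknown>")

def parse_lsan_report(text):
    """Return (leaks, (total_bytes, total_allocs)); '>' quoting as used in bug trackers is stripped."""
    leaks, summary, cur = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if m := LEAK_RE.match(line):
            leaks.append(cur := Leak(m.group(1), int(m.group(2)), int(m.group(3))))
        elif cur and (m := FRAME_RE.match(line)):
            cur.frames.append((m.group(1), m.group(2)))
        elif m := SUMMARY_RE.search(line):
            summary = (int(m.group(1)), int(m.group(2)))
    return leaks, summary

def triage(text):
    """Group leaks by site and check the per-leak sizes add up to the SUMMARY line."""
    leaks, (total_bytes, total_allocs) = parse_lsan_report(text)
    sites = {}
    for l in leaks:
        sites.setdefault(l.site(), []).append(l.kind)
    consistent = (sum(l.nbytes for l in leaks), sum(l.nobjects for l in leaks)) == (total_bytes, total_allocs)
    return {"total_bytes": total_bytes, "consistent": consistent, "sites": sites}

# Constructed sample: the two leaks from the report quoted above, with frames #0 and #3+ omitted.
SAMPLE = """\
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7cf501 in demangle_template cplus-dem.c:2228
> Indirect leak of 2 byte(s) in 1 object(s) allocated from:
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7d0439 in demangle_template cplus-dem.c:2327
> SUMMARY: AddressSanitizer: 10 byte(s) leaked in 2 allocation(s).
"""
```

Running `triage(SAMPLE)` reports 10 bytes total across two sites in demangle_template, which is the size figure the severity assessment later in this thread turns on.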
Created attachment 45256: POC2
This looks to be CVE-2018-20657.
Sorry, but a leak of 10 bytes is just not serious enough to be worth worrying about. Especially when these programs do not run continuously but instead terminate shortly after they are invoked.