This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug demangler/85453] New: OOM-Bug in cxxfilt / C++ name demangler (binuitils-2.30-15ubuntu1)

From: "sergej at schumilo dot de" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Wed, 18 Apr 2018 14:35:37 +0000
Subject: [Bug demangler/85453] New: OOM-Bug in cxxfilt / C++ name demangler (binuitils-2.30-15ubuntu1)
Auto-submitted: auto-generated

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453

            Bug ID: 85453
           Summary: OOM-Bug in cxxfilt / C++ name demangler
                    (binuitils-2.30-15ubuntu1)
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sergej at schumilo dot de
  Target Milestone: ---

Dear all,
according to the bintutils maintainers the following OOM-bug is in the C++ name
demangler (instead of the binutils application cxxfilt), which is part of the
libiberty library. 

This is the original binutils bug report
(https://sourceware.org/bugzilla/show_bug.cgi?id=23059):

-----------------------------------------------------------------------------

Dear all,
after reporting the following bugs to the Ubuntu security team
(https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101), we were
asked to report them directly to the binutils developers: 

----------------------------------------------------

Dear all,
The following binutils cxxfilt OOM bug was found by a modified version of the
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and
an ASAN report.

Steps to reproduce:

Build current verison of binutils:

```
pull-lp-source binutils
cd binutils-2.30
CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb"
LDFLAGS="-fsanitize=address" ./configure
CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address
-ggdb" CXXFLAGS="-fsanitize=address
-fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
```

Run inputs under ASAN:

```
ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
```

We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4
LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700
CPU @ 3.40GHz server machine with 32GB RAM.

Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität
Bochum)

Best regards,
Sergej Schumilo

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]