This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: Fix for PR70909 in Libiberty Demangler (4)
- From: Marcel Böhme <boehme dot marcel at gmail dot com>
- To: Pedro Alves <palves at redhat dot com>
- Cc: Jason Merrill <jason at redhat dot com>, gcc-patches List <gcc-patches at gcc dot gnu dot org>, Bernd Schmidt <bschmidt at redhat dot com>, Jeff Law <law at redhat dot com>
- Date: Mon, 18 Jul 2016 10:29:09 +0800
- Subject: Re: Fix for PR70909 in Libiberty Demangler (4)
- Authentication-results: sourceware.org; auth=none
- References: <898C33FE-A3F5-4B1D-A4C7-6DBB45722B2F@gmail.com> <CADzB+2mF0oXwXWwx+WqQ43-NsOS6vhOdkR1R66Obu-8kibfwvQ@mail.gmail.com> <0B429217-2A50-4AC8-BC28-E87B1A3003C5@gmail.com> <f7f25d3c-8021-6a24-cf0d-9d2283f6ee09@redhat.com>
Hi,
This patch is still pending a full review.
Best regards,
- Marcel
> On 30 Jun 2016, at 12:09 AM, Pedro Alves <palves@redhat.com> wrote:
>
> On 06/29/2016 08:43 AM, Marcel Böhme wrote:
>> Hi Jason,
>>
>> These test cases are generated by fuzzing which produces a lot of nonsensical input data.
>> I think, "Garbage In, Garbage Out" is quite applicable here.
>> With the patch at least it doesn’t crash and fixes the vulnerability.
>
> Note that demangling shows up high in gdb profiles when loading
> huge programs. If we can avoid quadratic or worse complexity,
> it'd preferred.
>
> Thanks,
> Pedro Alves
>