Bug 88539 - A memory leak issue was discovered in cplus-dem.c
Status: RESOLVED WONTFIX
Alias: None
Product: gcc
Classification: Unclassified
Component: demangler
Version: unknown
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2018-12-18 15:04 UTC by Cheng Wen
Modified: 2019-01-09 16:06 UTC

Attachments
POC1 (162 bytes, application/octet-stream)
2018-12-18 15:04 UTC, Cheng Wen
POC2 (130 bytes, application/octet-stream)
2018-12-18 15:04 UTC, Cheng Wen

Description Cheng Wen 2018-12-18 15:04:24 UTC
Created attachment 45255
POC1

Hi there,

A memory leak issue was discovered in cplus-dem.c, as distributed in GNU Binutils 2.31. 
In the demangle_template function in cplus-dem.c, there are many heap allocations. But these heap allocations are not deallocated in the end.

Please use "./cxxfilt -t < $POC" to reproduce the bug.
To reproduce this bug, you need to build binutils-2.31 with ASAN, setting the following command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1


The Leak Sanitizer dumps the stack trace as follows:

> =================================================================
> ==16096==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7cf501 in demangle_template cplus-dem.c:2228
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Indirect leak of 2 byte(s) in 1 object(s) allocated from:
>     #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>     #1 0x8247c9 in xmalloc xmalloc.c:147
>     #2 0x7d0439 in demangle_template cplus-dem.c:2327
>     #3 0x7cb3a5 in demangle_signature cplus-dem.c:1691
>     #4 0x7d39fd in iterate_demangle_function cplus-dem.c:2743
>     #5 0x7d5e9e in demangle_prefix cplus-dem.c:2971
>     #6 0x7c6dfa in internal_cplus_demangle cplus-dem.c:1253
>     #7 0x7c4464 in cplus_demangle cplus-dem.c:918
>     #8 0x4033b3 in demangle_it binutils-2.31_ASAN/binutils/cxxfilt.c:62
>     #9 0x403f1f in main binutils-2.31_ASAN/binutils/cxxfilt.c:276
>     #10 0x7f1c4f4cf82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 10 byte(s) leaked in 2 allocation(s).
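
A triage helper for the LeakSanitizer report above, as an added example that is not part of the original report or of binutils: it attributes each leak record to its first frame outside the allocator wrappers and checks the per-site totals against the SUMMARY line. The wrapper list in `ALLOCATORS` is an assumption, and the sample input is the report from this bug trimmed to three frames per record.

```python
import re
from collections import defaultdict

# Sample input: the report from this bug, trimmed to three frames per record.
REPORT = """\
Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x8247c9 in xmalloc xmalloc.c:147
    #2 0x7cf501 in demangle_template cplus-dem.c:2228

Indirect leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x7f1c50822602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x8247c9 in xmalloc xmalloc.c:147
    #2 0x7d0439 in demangle_template cplus-dem.c:2327

SUMMARY: AddressSanitizer: 10 byte(s) leaked in 2 allocation(s).
"""

LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Allocator wrappers skipped when attributing a leak (assumed list for this example).
ALLOCATORS = {"malloc", "calloc", "realloc", "xmalloc", "xcalloc", "xrealloc", "xstrdup"}

def triage(report):
    """Return ({(kind, function, location): [bytes, objects]}, summary or None)."""
    sites = defaultdict(lambda: [0, 0])
    current, summary = None, None
    for line in report.splitlines():
        if m := LEAK.match(line):
            current = (m.group(1), int(m.group(2)), int(m.group(3)))
        elif (m := FRAME.match(line)) and current and m.group(1) not in ALLOCATORS:
            site = sites[(current[0], m.group(1), m.group(2))]
            site[0] += current[1]
            site[1] += current[2]
            current = None  # one attribution per record: first non-allocator frame
        elif m := SUMMARY.match(line):
            summary = (int(m.group(1)), int(m.group(2)))
    return dict(sites), summary

def consistent(sites, summary):
    """True when the per-site totals add up to the SUMMARY line (no record lost)."""
    total = (sum(s[0] for s in sites.values()), sum(s[1] for s in sites.values()))
    return summary is not None and total == summary

if __name__ == "__main__":
    sites, summary = triage(REPORT)
    for (kind, func, loc), (nbytes, nobjs) in sites.items():
        print(f"{kind} leak: {nbytes} B in {nobjs} object(s) at {func} ({loc})")
    print("totals match SUMMARY line:", consistent(sites, summary))
```
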
Comment 1 Cheng Wen 2018-12-18 15:04:37 UTC
Created attachment 45256
POC2
Comment 2 nsl 2019-01-02 16:37:31 UTC
This looks to be CVE-2018-20657.
Comment 3 Nick Clifton 2019-01-09 16:06:00 UTC
Sorry, but a leak of 10 bytes is just not serious enough to be worth
worrying about.  Especially when these programs do not run continuously
but instead terminate shortly after they are invoked.