The rust demangler can be pushed into an infinite loop, triggering stack exhaustion:
% cat pr27963
# Reproduced from binutils PR 27963.
# Note - the expected output is wrong. It is just there as a placeholder.
% valgrind ./testsuite/test-demangle < pr27963
==429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
==429737== Stack overflow in thread #1: can't grow stack to 0x1ffe001000
==429737== at 0x410BA7: demangle_path (rust-demangle.c:742)
Segmentation fault (core dumped)
Created attachment 50777
Here is a possible patch for the problem, adding a recursion limit to the demangle_path() function.
Note - a variation of this bug appears to have been reported on the Ubuntu mailing lists with a different reproducer:
This patch breaks MinGW, see PR 101779
(In reply to Jonathan Wakely from comment #2)
> This patch breaks MinGW, see PR 101779
But it can be fixed by:
*** Bug 104185 has been marked as a duplicate of this bug. ***
*** Bug 104186 has been marked as a duplicate of this bug. ***
*** Bug 101779 has been marked as a duplicate of this bug. ***
*** Bug 98889 has been marked as a duplicate of this bug. ***
*** Bug 100968 has been marked as a duplicate of this bug. ***
A revised patch to fix this PR has been proposed on gcc-patches:
The master branch has been updated by Nick Clifton <email@example.com>:
Author: Nick Clifton <firstname.lastname@example.org>
Date: Mon Jan 31 14:28:42 2022 +0000
libiberty: Fix infinite recursion in rust demangler.
* rust-demangle.c (struct rust_demangler): Add a recursion
(demangle_path): Increment/decrement the recursion counter upon
entry and exit. Fail if the counter exceeds a fixed limit.
(rust_demangle_callback): Initialise the recursion counter,
disabling if requested by the option flags.
Fixed on mainline.
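The recursion counter described in the commit message above, sketched as an added example that is not part of this bug thread or of the libiberty patch. The toy grammar, the limit value and the names toy_path, toy_demangle, TOY_MAX_RECURSION and TOY_NO_RECURSE_LIMIT are assumptions made for illustration.

```c
#include <string.h>

#define TOY_MAX_RECURSION 1024    /* assumed limit, chosen for this example */
#define TOY_NO_RECURSE_LIMIT 0x1  /* hypothetical option flag */

struct toy_demangler {
  const char *sym;
  size_t len, next;
  int errored, limit_enabled;
  unsigned recursion;             /* current depth of toy_path() */
};

/* Constructed toy grammar, NOT the real Rust mangling:
     path := 'x' | 'N' path | 'P' path path | 'B' digit
   'B' digit re-parses the path that starts at offset digit. */
static void toy_path(struct toy_demangler *rdm)
{
  size_t saved;
  char d;
  if (rdm->errored)
    return;
  ++rdm->recursion;               /* increment on entry */
  if ((rdm->limit_enabled && rdm->recursion > TOY_MAX_RECURSION)
      || rdm->next >= rdm->len) {
    rdm->errored = 1;             /* fail instead of exhausting the stack */
  } else switch (rdm->sym[rdm->next++]) {
  case 'x': break;
  case 'N': toy_path(rdm); break;
  case 'P': toy_path(rdm); toy_path(rdm); break;
  case 'B':
    d = rdm->next < rdm->len ? rdm->sym[rdm->next] : 0;
    if (d < '0' || d > '9') { rdm->errored = 1; break; }
    saved = rdm->next + 1;        /* resume after the digit */
    rdm->next = (size_t)(d - '0');
    toy_path(rdm);                /* may point back at itself */
    rdm->next = saved;
    break;
  default: rdm->errored = 1;
  }
  --rdm->recursion;               /* decrement on every exit path */
}

/* Returns 1 if the whole symbol parses, 0 on any error. */
int toy_demangle(const char *sym, int options)
{
  struct toy_demangler rdm = { sym, strlen(sym), 0, 0, !(options & TOY_NO_RECURSE_LIMIT), 0 };
  toy_path(&rdm);
  return !rdm.errored && rdm.next == rdm.len;
}
```

In this toy grammar a self-referencing input such as "B0" is rejected once the counter passes the limit, while a legitimately deep symbol is only accepted when the caller disables the limit through the option flag.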