This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: RFA/RFC: Add stack recursion limit to libiberty's demangler
- From: Nick Clifton <nickc at redhat dot com>
- To: Cary Coutant <ccoutant at gmail dot com>, Jakub Jelinek <jakub at redhat dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Binutils <binutils at sourceware dot org>, sgayou at redhat dot com, Jason Merrill <jason at redhat dot com>, Michael Matz <matz at suse dot de>
- Date: Mon, 3 Dec 2018 14:53:36 +0000
- Subject: Re: RFA/RFC: Add stack recursion limit to libiberty's demangler
- References: <87muprdko7.fsf@redhat.com> <20181130084211.GX12380@tucnak> <173817ca-0aa0-e1a2-6725-37e079ead545@redhat.com> <alpine.LSU.2.21.1811301331360.5354@wotan.suse.de> <m35zwe4nqg.fsf@pepe.airs.com> <CAJimCsES7ctTGHWRDHAdEEiwiY3nWCod5xdo4MSSAGDCmk53qg@mail.gmail.com>
Hi Cary,

> In order to handle arbitrary user input without crashing, perhaps the
> demangler should switch from recursive descent parsing to a state
> machine, where exhaustion of resources can be handled gracefully.

I think that that would be a better long term fix for the problem,
but it is not one that I have time to work on right now.

My main goal with this patch submission is to stop the flood of PRs
and CVEs about mangled inputs that trigger stack exhaustion. Being
able to properly demangle such inputs would be nice, but not something
that I think should be a priority. I think that in real life no
program is ever going to generate a mangled name that is sufficiently
complex to trigger a seg-fault this way, so the only real purpose of
the patch is to resolve these PRs and stop more from being filed.

Cheers
Nick
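
The recursion cap discussed in this thread, shown on a toy recursive-descent parser as an added example: it is not code from the patch or from libiberty. The grammar, the names (`toy_parse`, `parse_type`, `TOY_RECURSION_LIMIT`) and the value 2048 are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy grammar, constructed for this example (not the Itanium C++ ABI):
     type := 'i' | 'P' type | 'T' type+ 'E'                            */
#define TOY_RECURSION_LIMIT 2048   /* hypothetical cap for the demo */

enum toy_status { TOY_OK, TOY_SYNTAX, TOY_TOO_DEEP };

/* Parse one type at *pp, advancing *pp; depth counts the callers above us. */
static enum toy_status parse_type(const char **pp, unsigned depth)
{
    enum toy_status rc = TOY_SYNTAX;   /* default: unexpected character */
    /* Fail cleanly instead of recursing until the stack is exhausted. */
    if (depth >= TOY_RECURSION_LIMIT)
        return TOY_TOO_DEEP;
    switch (**pp) {
    case 'i':                          /* leaf type */
        ++*pp;
        rc = TOY_OK;
        break;
    case 'P':                          /* pointer: exactly one nested type */
        ++*pp;
        rc = parse_type(pp, depth + 1);
        break;
    case 'T':                          /* one or more types, closed by 'E' */
        ++*pp;
        do
            rc = parse_type(pp, depth + 1);
        while (rc == TOY_OK && **pp != 'E' && **pp != '\0');
        if (rc == TOY_OK)
            rc = (**pp == 'E') ? (++*pp, TOY_OK) : TOY_SYNTAX;
        break;
    }
    return rc;
}

/* Parse a complete string; trailing characters are a syntax error. */
enum toy_status toy_parse(const char *s)
{
    enum toy_status rc = parse_type(&s, 0);
    return (rc == TOY_OK && *s != '\0') ? TOY_SYNTAX : rc;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one with an unterminated list. */
    printf("%d %d\n", toy_parse("PTiPiE"), toy_parse("TiPi"));
    return 0;
}
```

An input nested deeper than the cap is rejected with `TOY_TOO_DEEP` after at most 2048 frames, whatever its length; it is not parsed, which is the trade-off the message above accepts.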