This is the mail archive of the mailing list for the GCC project.

RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)

Hi Ian,

  *sigh* 5 minutes after sending the patch for this PR, I realised that
   I had made a mistake.  I should have conditionalized the limit on the
   number of supported qualifiers, so that the check is only made if we
   have resource limits enabled.  Like this:


Index: libiberty/cplus-dem.c
--- libiberty/cplus-dem.c	(revision 267043)
+++ libiberty/cplus-dem.c	(working copy)
@@ -3443,6 +3443,20 @@
       success = 0;
+  if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0)
+    {
+      /* PR 87241: Catch malicious input that will try to trick this code into
+	 allocating a ridiculous amount of memory via the remember_Ktype()
+	 function.
+	 The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary.  Possibly
+	 a better solution would be to track how much memory remember_Ktype
+	 allocates and abort when some upper limit is reached.  */
+      if (qualifiers > DEMANGLE_RECURSION_LIMIT)
+	/* FIXME: We ought to have some way to tell the user that
+	   this limit has been reached.  */
+	success = 0;
+    }
   if (!success)
     return success;
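
Review bot: In the new branch guarded by "if (qualifiers > DEMANGLE_RECURSION_LIMIT)", hitting the limit is reported only as "success = 0", so a caller cannot distinguish a name rejected by the resource limit from an ordinary malformed name. The FIXME acknowledges this; it would be worth resolving before commit, or at least documenting for callers. The check also reuses DEMANGLE_RECURSION_LIMIT to bound a qualifier count rather than a recursion depth, and the comment itself calls the choice somewhat arbitrary. A separately named constant would make the intent clearer. Alternatively, a note where DMGL_NO_RECURSE_LIMIT is documented could say that the flag now also disables this qualifier limit, so that users who set the flag know they lose this protection against the remember_Ktype() allocation as well.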
