This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)
- From: Nick Clifton <nickc at redhat dot com>
- To: ian at airs dot com
- Cc: gcc-patches at gcc dot gnu dot org, redi at gcc dot gnu dot org
- Date: Wed, 12 Dec 2018 11:40:19 +0000
- Subject: RFA: libiberty: Add a limit on demangling qualifiers (PR 87241) (version 2)
Hi Ian,
*sigh* 5 minutes after sending the patch for this PR, I realised that
I had made a mistake. I should have conditionalized the limit on the
number of supported qualifiers, so that the check is only made if we
have resource limits enabled. Like this:
Cheers
Nick
Index: libiberty/cplus-dem.c
===================================================================
--- libiberty/cplus-dem.c (revision 267043)
+++ libiberty/cplus-dem.c (working copy)
@@ -3443,6 +3443,20 @@
success = 0;
}
+ if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0)
+ {
+ /* PR 87241: Catch malicious input that will try to trick this code into
+ allocating a ridiculous amount of memory via the remember_Ktype()
+ function.
+ The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary. Possibly
+ a better solution would be to track how much memory remember_Ktype
+ allocates and abort when some upper limit is reached. */
+ if (qualifiers > DEMANGLE_RECURSION_LIMIT)
+ /* FIXME: We ought to have some way to tell the user that
+ this limit has been reached. */
+ success = 0;
+ }
+
if (!success)
return success;