[Bug demangler/87675] Stack Overflow in function next_is_type_qual() in cp-demangle.c, as demonstrated by "nm -C"
sgayou at redhat dot com
gcc-bugzilla@gcc.gnu.org
Tue Nov 27 19:38:00 GMT 2018
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
Scott Gayou <sgayou at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sgayou at redhat dot com
--- Comment #2 from Scott Gayou <sgayou at redhat dot com> ---
As Michael said, this seems to be one of a large number of duplicates.
At least CVE-2018-18484, CVE-2018-18701, and CVE-2018-18700 seem to be
duplicates. I can only reproduce one of them via setting a lower ulimit -s, and
the crashes all appear to be in cp-demangle.c. The call flows are similar yet
slightly different. My guess is that a recursion limit would fix all of these
hence they are the same root issue.
If upstream agrees, the duplicate CVE assignments can potentially be rejected.
Let me know if anyone else has any evidence or arguments that these are
different -- it is possible I made a mistake in the analysis.
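
A sketch of the recursion-limit idea mentioned in the comment above, added here as an illustration; it is not code from the post, from cp-demangle.c, or from any upstream patch. The toy grammar, `MAX_DEPTH`, and all function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this sketch; not a value taken from cp-demangle.c. */
#define MAX_DEPTH 1024

struct parser {
    const char *p;   /* next unread character */
    unsigned depth;  /* current nesting depth */
};

/* Toy grammar: type := ('P' | 'K') type | 'i'
   Returns the qualifier count, or -1 if malformed or nested too deeply. */
static long parse_type(struct parser *ps)
{
    char c = *ps->p;
    long inner;

    if (c == 'i') { ps->p++; return 0; }
    if (c != 'P' && c != 'K') return -1;    /* malformed input */
    if (ps->depth >= MAX_DEPTH) return -1;  /* refuse instead of exhausting the stack */
    ps->depth++;
    ps->p++;
    inner = parse_type(ps);
    ps->depth--;
    return inner < 0 ? -1 : inner + 1;
}

/* Parse a whole string; trailing bytes count as malformed. */
long count_qualifiers(const char *s)
{
    struct parser ps = { s, 0 };
    long n = parse_type(&ps);
    return (n >= 0 && *ps.p == '\0') ? n : -1;
}

/* Constructed input: n nested 'P' qualifiers wrapped around a single 'i'. */
long parse_nested(size_t n)
{
    char *s = malloc(n + 2);
    long r;
    if (!s) return -1;
    memset(s, 'P', n);
    s[n] = 'i'; s[n + 1] = '\0';
    r = count_qualifiers(s);
    free(s);
    return r;
}

int main(void) { return parse_nested(5000000) == -1 ? 0 : 1; }
```

Without the depth check, the five-million-qualifier input would recurse once per byte; with it, the parser rejects the input after 1024 frames regardless of the `ulimit -s` setting.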