[Bug demangler/101798] New: rust-demangle.c infinite recursion

shaohua.li at inf dot ethz.ch gcc-bugzilla@gcc.gnu.org
Fri Aug 6 08:13:18 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101798

            Bug ID: 101798
           Summary: rust-demangle.c infinite recursion
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: demangler
          Assignee: unassigned at gcc dot gnu.org
          Reporter: shaohua.li at inf dot ethz.ch
  Target Milestone: ---

Created attachment 51267
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51267&action=edit
poc

Hi there,

I found a stack-overflow in rust-demangle.c when fuzzing binutils. I was
instructed to report this bug here by binutils's maintainers. See details
below.

- binutils version: 2.38(Head), commit af51804103a08cd1e12edc4f4a30eec2c5c4f9e8
- Compiler: clang12
- Platform: Ubuntu 18.04.5 LTS, x86_64
- Reproduce: run `nm-new -C poc`

AddressSanitizer report:

==498==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd9daa0d88 (pc 0x0000004967a6 bp 0x7ffd9daa15d0 sp 0x7ffd9daa0d90 T0)
    #0 0x4967a6 in __asan_memcpy (/out_bin/nm-new+0x4967a6)
    #1 0x163535e in str_buf_append /binutils_latest/repo/libiberty/./rust-demangle.c:1493:3
    #2 0x1635278 in str_buf_demangle_callback /binutils_latest/repo/libiberty/./rust-demangle.c:1500:3
    #3 0x1631f3b in print_str /binutils_latest/repo/libiberty/./rust-demangle.c:273:5
    #4 0x163662c in demangle_type /binutils_latest/repo/libiberty/./rust-demangle.c:893:7
    #5 0x1634b7f in demangle_path /binutils_latest/repo/libiberty/./rust-demangle.c:747:7
    #6 0x16372f6 in demangle_type /binutils_latest/repo/libiberty/./rust-demangle.c:1031:7
...

