[PATCH] Set DEMANGLE_RECURSION_LIMIT to 1536
Mon Dec 10 15:31:00 GMT 2018
> Apologies in advance if this has been covered, as I've only been half-
> watching this thread, but is it always the case that the recursion
> depth can be bounded by some scalar multiple of the number of
> characters in the name?
Probably, but the point of this patch is to add a fixed limit that
prevents too much recursion from being performed. The CVEs that I
have been trying to fix have been using mangled names with 20K-30K
characters in them, so creating a recursion limit based on the
length of the input would not prevent the stack exhaustion. :-(
My hope is that we can choose a value that will allow any realistic
mangled name to be decoded, but which will prevent these fuzzers from
generating arbitrary length strings which exhaust the machines resources.
More information about the Gcc-patches