This is the mail archive of the
gdb-prs@sourceware.org
mailing list for the GDB project.
[Bug c++/19597] Buffer Overflow during Demangling
- From: "boehme.marcel at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: gdb-prs at sourceware dot org
- Date: Tue, 09 Aug 2016 03:23:00 +0000
- Subject: [Bug c++/19597] Buffer Overflow during Demangling
- Auto-submitted: auto-generated
- References: <bug-19597-4717@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19597
--- Comment #2 from Marcel Böhme <boehme.marcel at gmail dot com> ---
This observation is correct and was discussed in the code review of the patch
for PR/19597. The problem is that the untrusted binary can specify the number
of iterations for a certain loop to be arbitrarily high, resulting in an integer
overflow and subsequently in a buffer overflow. Bounding the number of loop
iterations is not an option
(https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00181.html). So we settled for
preventing the integer overflow (which happens only after a few minutes) and
aborting with xmalloc_failed
(https://gcc.gnu.org/ml/gcc-patches/2016-04/msg00072.html).
The conclusion was that the buffer overflow vulnerability is gone and --
assuming that normal binaries do not specify such a high number of loop
iterations -- the exhausted memory after a long wait might not be a bug in
practical terms.
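To illustrate the mitigation the comment describes (detect the size-computation overflow and fail the allocation rather than cap the iteration count), here is an added example that is not libiberty or GDB code; the functions, the fragment/repetition framing and the sample inputs are hypothetical constructions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libiberty code): total bytes needed to emit
 * `count` copies of a `frag_len`-byte fragment plus a NUL terminator.
 * `count` is attacker-controlled (parsed from the mangled name), so the
 * multiplication must be checked; wrapped sizes are the root of the
 * buffer overflow described in the bug. Returns 1 on success, 0 on overflow. */
int checked_repeat_len(size_t count, size_t frag_len, size_t *out)
{
    size_t total;
    if (__builtin_mul_overflow(count, frag_len, &total) ||
        __builtin_add_overflow(total, (size_t)1, &total)) {
        *out = 0;
        return 0;           /* caller must abort, as with xmalloc_failed */
    }
    *out = total;
    return 1;
}

/* Unchecked version, kept only to show the failure mode: the product wraps
 * modulo SIZE_MAX+1 and yields a tiny size for a huge amount of output. */
size_t unchecked_repeat_len(size_t count, size_t frag_len)
{
    return count * frag_len + 1;
}

/* Build the repeated string, or return NULL when the size computation
 * overflows or malloc fails (the caller treats NULL as a fatal condition). */
char *repeat_fragment(const char *frag, size_t count)
{
    size_t frag_len = strlen(frag), total;
    if (!checked_repeat_len(count, frag_len, &total))
        return NULL;        /* refused before any buffer is allocated */
    char *buf = malloc(total);
    if (!buf)
        return NULL;
    for (size_t i = 0; i < count; i++)
        memcpy(buf + i * frag_len, frag, frag_len);
    buf[total - 1] = '\0';
    return buf;
}
```

Note that for a merely large but non-wrapping count the function still attempts the allocation and lets malloc fail, matching the comment's observation that memory exhaustion after a long wait is accepted while the overflow is not.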