This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug c++/19597] Buffer Overflow during Demangling


https://sourceware.org/bugzilla/show_bug.cgi?id=19597

--- Comment #2 from Marcel Böhme <boehme.marcel at gmail dot com> ---
This observation is correct and was discussed in the code review of the patch
for PR/19597. The problem is that the untrusted binary can specify the number
of iterations for a certain loop to be arbitrarily high resulting in an integer
overflow and subsequently in a buffer overflow. Bounding the number of loop
iterations is not an option
(https://gcc.gnu.org/ml/gcc-patches/2016-03/msg00181.html). So we settled for
preventing the integer overflow (which happens only after a few minutes) and
aborting with xmalloc_failed
(https://gcc.gnu.org/ml/gcc-patches/2016-04/msg00072.html).

The conclusion was that the buffer overflow vulnerability is gone and --
assuming that normal binaries do not specify such a high number of loop
iterations -- the exhausted memory after a long wait might not be a bug in
practical terms.

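As an added illustration (not code from libiberty, GDB, or the patch discussed above), a hypothetical size computation for repeating a component an attacker-controlled number of times: the unchecked form wraps silently, while the checked form refuses to size the buffer when the arithmetic would overflow, which is the "prevent the integer overflow and fail the allocation" approach the comment describes. Function names and the repeat-a-component scenario are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked (hypothetical): bytes for `count` copies of a `unit_len`-byte
   component plus a terminator. With a large untrusted `count` the product
   wraps in size_t and a far-too-small buffer would be allocated. */
size_t unchecked_repeat_size(size_t unit_len, size_t count)
{
    return unit_len * count + 1;   /* wraps silently */
}

/* Checked: same computation, but returns 0 when unit_len * count or the
   trailing +1 would not fit in size_t. A valid result is always >= 1, so
   0 is unambiguous as "overflow". */
size_t checked_repeat_size(size_t unit_len, size_t count)
{
    if (unit_len != 0 && count > SIZE_MAX / unit_len)
        return 0;                  /* product would wrap */
    size_t total = unit_len * count;
    if (total == SIZE_MAX)
        return 0;                  /* no room for the terminator */
    return total + 1;
}

/* Build the repeated string, or return NULL rather than writing into an
   undersized buffer. malloc failure on a huge but non-wrapping request
   also yields NULL, mirroring "abort via allocation failure". */
char *repeat_component(const char *unit, size_t count)
{
    size_t unit_len = strlen(unit);
    size_t need = checked_repeat_size(unit_len, count);
    if (need == 0)
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++)
        memcpy(buf + i * unit_len, unit, unit_len);
    buf[need - 1] = '\0';
    return buf;
}
```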