From: 2243829852 at qq dot com
Subject: [Bug binutils/27693] New: Gprof (GNU Binutils for Debian) 2.36.1, stack overflow occurred when calling the function "demangle_path"
Date: Sat, 03 Apr 2021 07:53:13 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27693

            Bug ID: 27693
           Summary: Gprof (GNU Binutils for Debian) 2.36.1, stack overflow
                    occurred when calling the function "demangle_path"
           Product: binutils
           Version: 2.36.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 2243829852 at qq dot com
  Target Milestone: ---

Created attachment 13347
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13347&action=edit
the file could trigger the bug

Vulnerability trigger environment: Ubuntu 18.04, gcc 7.5

Command line: gprof crash gmon.out

Notice: the gmon.out must be the file offered by me.

The bug details are as follows:

==43090== Memcheck, a memory error detector
==43090== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==43090== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==43090== Command: ./binutils-2.36.1/gprof/gprof
crashes_fair/id:000000,sig:11,src:005586,op:flip1,pos:14002 temp/gmon.out
==43090== Parent PID: 2375
==43090== 
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090== 
==43090== Process terminating with default action of signal 11 (SIGSEGV)
==43090==  Access not within mapped region at address 0x1FFE801FF8
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==    at 0x1FA0F6: demangle_path (rust-demangle.c:664)
==43090==  If you believe this happened as a result of a stack
==43090==  overflow in your program's main thread (unlikely but
==43090==  possible), you can try to increase the size of the
==43090==  main thread stack using the --main-stacksize= flag.
==43090==  The main thread stack size used in this run was 8388608.
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090== 
==43090== Process terminating with default action of signal 11 (SIGSEGV)
==43090==  Access not within mapped region at address 0x1FFE801FF0
==43090== Stack overflow in thread #1: can't grow stack to 0x1ffe801000
==43090==    at 0x402A12A: _vgnU_freeres (vg_preloaded.c:57)
==43090==  If you believe this happened as a result of a stack
==43090==  overflow in your program's main thread (unlikely but
==43090==  possible), you can try to increase the size of the
==43090==  main thread stack using the --main-stacksize= flag.
==43090==  The main thread stack size used in this run was 8388608.
==43090== 
==43090== HEAP SUMMARY:
==43090==     in use at exit: 624,621 bytes in 56 blocks
==43090==   total heap usage: 117 allocs, 61 frees, 1,206,479 bytes allocated
==43090== 
==43090== LEAK SUMMARY:
==43090==    definitely lost: 0 bytes in 0 blocks
==43090==    indirectly lost: 0 bytes in 0 blocks
==43090==      possibly lost: 0 bytes in 0 blocks
==43090==    still reachable: 624,621 bytes in 56 blocks

I analysed the source code and found that the function "demangle_path" in
rust-demangle.c and the function "demangle_type"
call each other without stopping. Finally, this results in a stack overflow.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
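
The mutual recursion described in the report, reduced to a toy grammar with a depth budget that turns the stack overflow into a clean rejection. This is an added example, not code from the report or from binutils; the grammar, `MAX_DEPTH`, `toy_demangle` and all other names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Toy grammar, constructed for this example (not Rust v0 mangling):
 *   path := 'x' | 'I' type | 'N' path path | 'B' digit  (B: re-parse path at offset digit)
 *   type := 'u' | 'P' path                                                  */
enum { OK = 0, BAD_SYNTAX = -1, TOO_DEEP = -2 };
#define MAX_DEPTH 64 /* assumed budget for this example */

struct parser { const char *s; size_t len, pos; unsigned depth; int err; };
static void parse_type(struct parser *p);

/* Charge one nesting level; the error is sticky so callers unwind at once. */
static int enter(struct parser *p) {
    if (p->err) return 0;
    if (p->depth >= MAX_DEPTH) { p->err = TOO_DEEP; return 0; }
    p->depth++;
    return 1;
}

static void parse_path(struct parser *p) {
    if (!enter(p)) return;
    char c = p->pos < p->len ? p->s[p->pos++] : '\0';
    if (c == 'I') parse_type(p);
    else if (c == 'N') { parse_path(p); parse_path(p); }
    else if (c == 'B' && p->pos < p->len && p->s[p->pos] >= '0' && p->s[p->pos] <= '9') {
        size_t resume = p->pos + 1;
        p->pos = (size_t)(p->s[p->pos] - '0'); /* input-controlled jump target */
        parse_path(p);      /* without enter(), "B0" at offset 0 recurses forever */
        p->pos = resume;
    } else if (c != 'x') p->err = BAD_SYNTAX;
    p->depth--;
}

static void parse_type(struct parser *p) {
    if (!enter(p)) return;
    char c = p->pos < p->len ? p->s[p->pos++] : '\0';
    if (c == 'P') parse_path(p);        /* type -> path closes the cycle */
    else if (c != 'u') p->err = BAD_SYNTAX;
    p->depth--;
}

/* Returns OK, BAD_SYNTAX, or TOO_DEEP instead of exhausting the stack. */
int toy_demangle(const char *s) {
    struct parser p = { s, strlen(s), 0, 0, OK };
    parse_path(&p);
    if (p.err == OK && p.pos != p.len) p.err = BAD_SYNTAX;
    return p.err;
}
```

The budget is counted across both functions, so a cycle that alternates between `parse_path` and `parse_type` is caught just like direct self-recursion.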