Message ID | 9a6bd69b680ed6c5dc6eaeb97e6994b6be5721e6.camel@lsferreira.net |
---|---|
State | Committed |
Commit | b3585c0836e729bed56b9afd4292177673a25ca0 |
Series | libiberty: prevent null dereferencing on dlang_type |
Commit Message
Luís Ferreira
Sept. 22, 2021, 1:31 a.m. UTC
This patch prevents dereferencing a null reference on a crafted
malformed mangled name, often causing SIGSEGV to be raised.
Signed-off-by: Luís Ferreira <contact@lsferreira.net>
---
libiberty/d-demangle.c | 2 +-
libiberty/testsuite/d-demangle-expected | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
Comments
> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
>
>
> This patch prevents dereferencing a null reference on a crafted
> malformed mangled name, often causing SIGSEGV to be raised.
>

OK, seems reasonable to me.

> Signed-off-by: Luís Ferreira <contact@lsferreira.net> > --- > libiberty/d-demangle.c | 2 +- > libiberty/testsuite/d-demangle-expected | 5 ++++- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c > index a2152cc65518..469398261994 100644 > --- a/libiberty/d-demangle.c > +++ b/libiberty/d-demangle.c > @@ -875,7 +875,7 @@ dlang_type (string *decl, const char *mangled, > struct dlang_info *info) > szmods = string_length (&mods); > > /* Back referenced function type. */ > - if (*mangled == 'Q') > + if (mangled && *mangled == 'Q') > mangled = dlang_type_backref (decl, mangled, info, 1); > else > mangled = dlang_function_type (decl, mangled, info); > diff --git a/libiberty/testsuite/d-demangle-expected > b/libiberty/testsuite/d-demangle-expected > index c35185c3e1e3..799f4724b72e 100644 > --- a/libiberty/testsuite/d-demangle-expected > +++ b/libiberty/testsuite/d-demangle-expected > @@ -991,11 +991,14 @@ _D88 > _D5__T1aZv > _D5__T1aZv > # > ---format=dlang > _D00 > _D00 > # > --format=dlang > +_D01_D > +_D01_D > +# > +--format=dlang > _D9223372036854775817 > _D9223372036854775817 > #
On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
>> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
>>
>>
>> This patch prevents dereferencing a null reference on a crafted
>> malformed mangled name, often causing SIGSEGV to be raised.
>>
> OK, seems reasonable to me.

I pushed this to the trunk.

Thanks,
jeff
On Thu, Sep 23, 2021 at 8:55 AM Jeff Law via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
>
>
>
> On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
> >> On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
> >>
> >>
> >> This patch prevents dereferencing a null reference on a crafted
> >> malformed mangled name, often causing SIGSEGV to be raised.
> >>
> > OK, seems reasonable to me.
> I pushed this to the trunk.
>
> Thanks,
> jeff
>

This caused:

FAIL at line 997: unknown demangling style _D00
FAIL at line 1001: unknown demangling style _D01_D
FAIL at line 1005: unknown demangling style _D9223372036854775817
FAIL at line 1009: unknown demangling style _D1az
FAIL at line 1013: unknown demangling style _D1aN
FAIL at line 1017: unknown demangling style _D1aF
FAIL at line 1021: unknown demangling style _D1aM
FAIL at line 1025: unknown demangling style _D1aFZNz
FAIL at line 1029: unknown demangling style _D1aFNzZv
FAIL at line 1033: unknown demangling style _D4testFDX
FAIL at line 1037: unknown demangling style _D5__T0aZv
FAIL at line 1041: unknown demangling style _D10__T4testYZv
FAIL at line 1045: unknown demangling style _D4testFBaZv
FAIL at line 1049: unknown demangling style _D8__T4test
FAIL at line 1053: unknown demangling style _D10__T4testVi
FAIL at line 1057: unknown demangling style _D10__T4testVai
...
FAIL at line 1445: unknown demangling style _D3mod4funcFZ__T6nestedTiZQkMFNaNbNiNfZi
FAIL at line 1449: unknown demangling style _D3mod4funcFZ__T6nestedTiZ4__S1QpMFNaNbNiNfZi
FAIL at line 1452: unknown demangling style _D6mangle__T8fun21753VSQv6S21753S1f_DQBj10__lambda71MFNaNbNiNfZvZQCbQp
./test-demangle: 359 tests, 115 failures
make[5]: *** [Makefile:55: check-d-demangle] Error 1
Hi,

Yes, I'm sorry, I forgot to add --format=dlang parameter. This patch fixes it
https://gcc.gnu.org/pipermail/gcc-patches/2021-September/580544.html .

On Fri, 2021-10-01 at 07:23 -0700, H.J. Lu wrote:
> On Thu, Sep 23, 2021 at 8:55 AM Jeff Law via Gcc-patches
> <gcc-patches@gcc.gnu.org> wrote:
> >
> >
> >
> > On 9/23/2021 4:17 AM, ibuclaw--- via Gcc-patches wrote:
> > > > On 22/09/2021 03:31 Luís Ferreira <contact@lsferreira.net> wrote:
> > > >
> > > >
> > > > This patch prevents dereferencing a null reference on a crafted
> > > > malformed mangled name, often causing SIGSEGV to be raised.
> > > >
> > > OK, seems reasonable to me.
> > I pushed this to the trunk.
> >
> > Thanks,
> > jeff
> >
>
> This caused:
>
> FAIL at line 997: unknown demangling style _D00
> FAIL at line 1001: unknown demangling style _D01_D
> FAIL at line 1005: unknown demangling style _D9223372036854775817
> FAIL at line 1009: unknown demangling style _D1az
> FAIL at line 1013: unknown demangling style _D1aN
> FAIL at line 1017: unknown demangling style _D1aF
> FAIL at line 1021: unknown demangling style _D1aM
> FAIL at line 1025: unknown demangling style _D1aFZNz
> FAIL at line 1029: unknown demangling style _D1aFNzZv
> FAIL at line 1033: unknown demangling style _D4testFDX
> FAIL at line 1037: unknown demangling style _D5__T0aZv
> FAIL at line 1041: unknown demangling style _D10__T4testYZv
> FAIL at line 1045: unknown demangling style _D4testFBaZv
> FAIL at line 1049: unknown demangling style _D8__T4test
> FAIL at line 1053: unknown demangling style _D10__T4testVi
> FAIL at line 1057: unknown demangling style _D10__T4testVai
> ...
> FAIL at line 1445: unknown demangling style
> _D3mod4funcFZ__T6nestedTiZQkMFNaNbNiNfZi
> FAIL at line 1449: unknown demangling style
> _D3mod4funcFZ__T6nestedTiZ4__S1QpMFNaNbNiNfZi
> FAIL at line 1452: unknown demangling style
> _D6mangle__T8fun21753VSQv6S21753S1f_DQBj10__lambda71MFNaNbNiNfZvZQCbQp
> ./test-demangle: 359 tests, 115 failures
> make[5]: *** [Makefile:55: check-d-demangle] Error 1
>
>
diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c index a2152cc65518..469398261994 100644 --- a/libiberty/d-demangle.c +++ b/libiberty/d-demangle.c @@ -875,7 +875,7 @@ dlang_type (string *decl, const char *mangled, struct dlang_info *info) szmods = string_length (&mods); /* Back referenced function type. */ - if (*mangled == 'Q') + if (mangled && *mangled == 'Q') mangled = dlang_type_backref (decl, mangled, info, 1); else mangled = dlang_function_type (decl, mangled, info); diff --git a/libiberty/testsuite/d-demangle-expected b/libiberty/testsuite/d-demangle-expected index c35185c3e1e3..799f4724b72e 100644 --- a/libiberty/testsuite/d-demangle-expected +++ b/libiberty/testsuite/d-demangle-expected @@ -991,11 +991,14 @@ _D88 _D5__T1aZv _D5__T1aZv # ---format=dlang _D00 _D00 # --format=dlang +_D01_D +_D01_D +# +--format=dlang _D9223372036854775817 _D9223372036854775817 #
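Review bot: In the `dlang_type` hunk, the added `mangled &&` guard stops the dereference in the `if`, but a NULL `mangled` now falls through to the `else` branch and is passed straight to `dlang_function_type (decl, mangled, info)`. Please confirm that callee rejects NULL, or bail out explicitly before the test (for example `if (mangled == NULL) return NULL;`) so the failure path is stated rather than implied by which branch is taken. A short comment naming the earlier call that can leave `mangled` NULL on malformed input would also help, since the visible context does not show it.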
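Review bot: In the `d-demangle-expected` hunk, the `-` line drops the `--format=dlang` option line in front of the existing `_D00` entry, which looks unintended: it accounts for the second deletion in the diffstat, and nothing in the commit message calls for changing that entry. The entries in the visible context each consist of an option line, the mangled input, the expected output and a `#` separator, so with that line gone `_D00` sits where the option is expected and everything after it is shifted by one line. Keep `--format=dlang` before `_D00` and add only the four `+` lines for the new `_D01_D` case.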