From patchwork Fri Jul  1 15:12:45 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nick Clifton <nickc@redhat.com>
X-Patchwork-Id: 55640
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 50934385C412
	for <patchwork@sourceware.org>; Fri,  1 Jul 2022 15:13:21 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 50934385C412
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1656688401;
	bh=WIBpsAjhi8Zb5W6KLkLhfwYbsXBaPMa8yacsR9NAz6g=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:Cc:From;
	b=cAX/0V+XHw92LEnP+zKMLD0tPVJYyXwul+G4+uc4NYUjiJnb0mthOStt1NAdGZiS1
	 8S/gZF0scsAB/pYDIMIs12jl95om54D/zRChjiMiXHubazqxDr9t5UPvq3LcW1xmUN
	 i+l+J0yMMXUekM+qc4dGlJzzxQT70lL9Cr2KxF34=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTPS id 49D5F3858D28
 for <gcc-patches@gcc.gnu.org>; Fri,  1 Jul 2022 15:12:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 49D5F3858D28
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-610-H7hQ62g_M4yYhupEJVPv6Q-1; Fri, 01 Jul 2022 11:12:48 -0400
X-MC-Unique: H7hQ62g_M4yYhupEJVPv6Q-1
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 83913802A5E;
 Fri,  1 Jul 2022 15:12:48 +0000 (UTC)
Received: from comet.redhat.com (unknown [10.39.193.100])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 08EA9492CA4;
 Fri,  1 Jul 2022 15:12:47 +0000 (UTC)
To: jeffreyalaw@gmail.com
Subject: RFA: Another Rust demangler recursion limit
Date: Fri, 01 Jul 2022 16:12:45 +0100
Message-ID: <87y1xcn9xu.fsf@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-10.0 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_NONE, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: Nick Clifton via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: Nick Clifton <nickc@redhat.com>
Reply-To: Nick Clifton <nickc@redhat.com>
Cc: gcc-patches@gcc.gnu.org
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

Hi Jeff,

  [I am sending this to your directly since you seem to be the only one
  reviewing these patches].

  Hot on the heels of the fix for the recursion problem in demangle_const
  a binutils user has filed another PoC that exposes a problem in
  demangle_path_maybe_open_generics():

https://sourceware.org/bugzilla/show_bug.cgi?id=29312#c1

  I have redirected them to file a bug report with the gcc system, but in
  the hopes of getting a fix in quickly I am also attaching a patch
  here.  It just does the obvious thing of adding a recursion counter
  and limit to the function.

Cheers
  Nick

diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
index 36afcfae278..d6daf23af27 100644
--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
@@ -1082,6 +1082,18 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
   if (rdm->errored)
     return open;
 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	{
+	  /* FIXME: There ought to be a way to report
+	     that the recursion limit has been reached.  */
+	  rdm->errored = 1;
+	  goto end_of_func;
+	}
+    }
+
   if (eat (rdm, 'B'))
     {
       backref = parse_integer_62 (rdm);
@@ -1107,6 +1119,11 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
     }
   else
     demangle_path (rdm, 0);
+
+ end_of_func:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+
   return open;
 }