From patchwork Thu Jul 15 14:59:51 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nick Clifton <nickc@redhat.com>
X-Patchwork-Id: 1505751
Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org
 (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org;
 envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256
 header.s=default header.b=EXrHIuKg;
	dkim-atps=neutral
Received: from sourceware.org (server2.sourceware.org
 [IPv6:2620:52:3:1:0:246e:9693:128c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4GQcxV2vnhz9sV8
	for <incoming@patchwork.ozlabs.org>; Fri, 16 Jul 2021 01:00:30 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id F10563988401
	for <incoming@patchwork.ozlabs.org>; Thu, 15 Jul 2021 15:00:27 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F10563988401
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1626361228;
	bh=HCtNqz6IgZxTvzR7q0z59xoXOiPQd4B09Kw/XkDZMKs=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=EXrHIuKgNfT+J00AdgdJuTfDK40znPNeDB8rJ2acV0pJ2VU3lPPPOv3EsrViP6Bp9
	 Urhlg0Z2/zX9b4sD1vXqZ9X6fPdhPRiolUfdA+TqGjqDAzGrRa1oeAiK1wQiSZBBDk
	 QAgTMriyBRx6vu9AR2t4IOdQzyb+tu5DwRAhyc8Y=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by sourceware.org (Postfix) with ESMTP id D8DD43985030
 for <gcc-patches@gcc.gnu.org>; Thu, 15 Jul 2021 14:59:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D8DD43985030
Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com
 [209.85.221.69]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-309-J-SHf9ieNTG7H_VHdYpDWw-1; Thu, 15 Jul 2021 10:59:54 -0400
X-MC-Unique: J-SHf9ieNTG7H_VHdYpDWw-1
Received: by mail-wr1-f69.google.com with SMTP id
 k3-20020a5d52430000b0290138092aea94so3459933wrc.20
 for <gcc-patches@gcc.gnu.org>; Thu, 15 Jul 2021 07:59:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:to:from:subject:message-id:date:user-agent
 :mime-version:content-language;
 bh=HCtNqz6IgZxTvzR7q0z59xoXOiPQd4B09Kw/XkDZMKs=;
 b=DTtsmP/BQwh+PLhrXxz4NFSEoAVd89H+2jE15M1jNZlQetCtGd/Hya1JbgdyZQd9T3
 FHyzBv+D+qgP65xHJihEL+qCGQccH3d6/MIP813lqge6cpqceq/1wI4Yuk8p0nqtY5RH
 E9pAhLgq/cJN2UEM3ptyclQl61zqDouTXG5xB95HuX4/rJLczb9XS7RN4983pxQN7UkR
 DvXYB10WLjcb/GRWEMLF8W/m4bMyPpHd9ptjDnM1SJq0FxvAjjYed49+0dQ4oeUBswrB
 P8wRLXR/9x9f8mYZSMxhoWRLVfwEhzHGpYp64Wj4GEltl9wNaIS+xDzeffXHpJHqQW7Z
 Bt6A==
X-Gm-Message-State: AOAM531jGPZTc5DaxqqBgwmMaJw22Np3G3NJtiMM8eDt7YW9Z0IBNXA/
 fxHNfrSKuHqcbu/GCXD4gxG4nPtqueFa9GWYqHruSl4x3+gQ3HEzZeiZgFsVLLM6JIO+N4W8qOS
 OnlyN3b1xMVGgT4HPchmnCcRtJJHyXk59MfQOxKp9c2V38RnJ3kNk/bhsbn86ZgEQWA==
X-Received: by 2002:a1c:e90d:: with SMTP id q13mr5016215wmc.163.1626361193085;
 Thu, 15 Jul 2021 07:59:53 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJy3L0/5vpX86aTfLHmK6C4L66Gpm7DKuhdThHJ5ThlUc2uRurNiM5bvsTnkS3uICBRS5sZDZA==
X-Received: by 2002:a1c:e90d:: with SMTP id q13mr5016177wmc.163.1626361192678;
 Thu, 15 Jul 2021 07:59:52 -0700 (PDT)
Received: from [192.168.1.5] ([80.168.238.114])
 by smtp.gmail.com with ESMTPSA id x1sm5285774wmc.31.2021.07.15.07.59.51
 for <gcc-patches@gcc.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 15 Jul 2021 07:59:52 -0700 (PDT)
To: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: RFA: Libiberty: Fix stack exhaunstion demangling corrupt rust names
Message-ID: <d72930a5-9efe-8278-8e07-1d3bb61fe0d2@redhat.com>
Date: Thu, 15 Jul 2021 15:59:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.1
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-GB
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: Nick Clifton via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: Nick Clifton <nickc@redhat.com>
Reply-To: Nick Clifton <nickc@redhat.com>
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

Hi Guys,

   Attached is a proposed patch to fix PR 99935 and 100968, both
   of which are stack exhaustion problems in libiberty's Rust
   demangler.  The patch adds a recursion limit along the lines
   of the one already in place for the C++ demangler.

   OK to apply ?

Cheers
   Nick

diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
index 6fd8f6a4db0..df09b7b8fdd 100644
--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
@@ -74,6 +74,12 @@ struct rust_demangler
   /* Rust mangling version, with legacy mangling being -1. */
   int version;
 
+  /* Recursion depth.  */
+  uint recursion;
+  /* Maximum number of times demangle_path may be called recursively.  */
+#define RUST_MAX_RECURSION_COUNT  1024
+#define RUST_NO_RECURSION_LIMIT   ((uint) -1)
+
   uint64_t bound_lifetime_depth;
 };
 
@@ -671,6 +677,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
   if (rdm->errored)
     return;
 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	/* FIXME: There ought to be a way to report
+	   that the recursion limit has been reached.  */
+	goto fail_return;
+    }
+
   switch (tag = next (rdm))
     {
     case 'C':
@@ -688,10 +703,7 @@ demangle_path (struct rust_demangler *rdm, int in_value)
     case 'N':
       ns = next (rdm);
       if (!ISLOWER (ns) && !ISUPPER (ns))
-        {
-          rdm->errored = 1;
-          return;
-        }
+	goto fail_return;
 
       demangle_path (rdm, in_value);
 
@@ -776,9 +788,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
         }
       break;
     default:
-      rdm->errored = 1;
-      return;
+      goto fail_return;
     }
+  goto pass_return;
+
+ fail_return:
+  rdm->errored = 1;
+ pass_return:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
 }
 
 static void
@@ -1317,6 +1338,7 @@ rust_demangle_callback (const char *mangled, int options,
   rdm.skipping_printing = 0;
   rdm.verbose = (options & DMGL_VERBOSE) != 0;
   rdm.version = 0;
+  rdm.recursion = (options & DMGL_NO_RECURSE_LIMIT) ? RUST_NO_RECURSION_LIMIT : 0;
   rdm.bound_lifetime_depth = 0;
 
   /* Rust symbols always start with _R (v0) or _ZN (legacy). */