Created attachment 14122
infinite loop artifacts

We found an infinite loop in `nm`. We describe our best effort to understand the vulnerability below. We attach the relevant files as well.

*Location*
https://github.com/bminor/binutils-gdb/blob/binutils-2_36-branch/libiberty/cp-demangle.c#L1548

*Description*
The while loop never terminates, as the intermediate conditional statements are not satisfied.

*Fix*
Convert the while loop to a bounded for loop.
This demangler bug is already fixed in the gcc libiberty sources. It will be fixed for mainline binutils at the next import of libiberty, which I'm about to do.

A simpler reproducer is `c++filt _Z6NU_EH_FRAsrrtDR`
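A small regression check, added here and not part of the bug report or of binutils: it feeds the reproducer symbol from the comment above to a demangler under coreutils `timeout` (assumed to be installed) and classifies the result as finished, killed (the hang) or not installed, so an installed `c++filt` can be checked before and after updating binutils.

```shell
#!/bin/sh
# Added example, not from the bug report: does the installed demangler
# still hang on the PR 29200 reproducer? Requires coreutils `timeout`.

REPRO='_Z6NU_EH_FRAsrrtDR'          # reproducer symbol from the thread
CHECK_TIMEOUT=${CHECK_TIMEOUT:-5}   # seconds of silence before we call it a hang

# check_demangler CMD [ARGS...]
# Pipes the reproducer into CMD. Returns 0 if CMD consumed it and exited,
# 1 if timeout had to kill it (the infinite loop), 2 if CMD is not installed.
check_demangler() {
  command -v "$1" >/dev/null 2>&1 || return 2
  rc=0
  printf '%s\n' "$REPRO" | timeout "$CHECK_TIMEOUT" "$@" >/dev/null 2>&1 || rc=$?
  if [ "$rc" -eq 124 ]; then   # coreutils timeout exits 124 when it kills the child
    return 1
  fi
  return 0
}

# report CMD [ARGS...]: human-readable verdict for one demangler front-end
report() {
  rc=0
  check_demangler "$@" || rc=$?
  case $rc in
    0) echo "$1: finished, not affected by the cp-demangle.c loop" ;;
    1) echo "$1: killed after ${CHECK_TIMEOUT}s, affected (PR 29200)" ;;
    2) echo "$1: not installed" ;;
  esac
}

report c++filt
```

Any program that blocks (for example `tail -f /dev/null`) is reported as a hang, so the check can be exercised without a vulnerable binutils at hand.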
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2918df9368abdedffe2e2be1c93c760d85d545ab

commit 2918df9368abdedffe2e2be1c93c760d85d545ab
Author: Alan Modra <amodra@gmail.com>
Date:   Tue May 31 16:59:12 2022 +0930

    Import libiberty from gcc

    PR 29200
    include/
        * ansidecl.h,
        * demangle.h: Import from gcc.
    libiberty/
        * cp-demangle.c,
        * testsuite/demangle-expected: Import from gcc.
Thanks for the info. Do you think notifying users through a CVE is appropriate, given the exploitable nature (e.g., denial of service)?
No, I don't think a CVE is needed.