[llvm-bugs] Issue 14201 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in llvm::ms_demangle::Demangler::demangleTemplateInstantiationName
tha… via monorail via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Jul 22 09:57:26 PDT 2019
Comment #4 on issue 14201 by thakis at chromium.org:
llvm/llvm-microsoft-demangle-fuzzer: Stack-overflow in
llvm::ms_demangle::Demangler::demangleTemplateInstantiationName
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14201#c4
The issue here is that demangleTemplateInstantiationName keeps a
BackrefContext on the stack, and that is 22 pointers large. So stack_size /
176 is the max number of template instantiation names that work.
The report "only" has 57 calls to demangleTemplateInstantiationName on the
stack, which is only 10kB large. Maybe oss-fuzz runs with a small stack
ulimit?
Moving BackrefContext to the heap would probably extend the runway until
this happens a lot, but it'd still happen eventually and in practice even
57 calls is very far away from what realistic inputs will have. So I'm not
sure anything needs to be done here.
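The arithmetic in the comment above (frame size times recursion depth against a stack budget) and the usual fix for a fuzzer-found recursion overflow can both be shown in a small self-contained program. What follows is an added example, not code from the page, the bug report, or LLVM's demangler: the `BackrefContext` here is a stand-in sized as 22 pointers per the comment (its real layout is not on the page), the grammar `name<arg, name<...>>` is a toy invented for the demonstration, and the 64 KiB stack budget used for the default depth cap is a hypothetical number chosen for illustration. The point it demonstrates is that keeping a large context struct in every recursive frame makes the usable depth equal to `stack_size / sizeof(frame)`, and that an explicit depth limit turns a stack overflow (a crash the fuzzer reports) into a clean parse error regardless of how the stack ulimit is set.

```cpp
// Added example (not LLVM code): a toy recursive-descent parser for nested
// template-instantiation-like names, name<arg, name<...>>, where every frame
// carries a context struct the size of the BackrefContext described in the
// comment (22 pointers). It shows how frame size bounds recursion depth for a
// given stack budget and how an explicit depth cap prevents the overflow.
#include <cctype>
#include <cstddef>
#include <string>

namespace demo {

// Stand-in for llvm::ms_demangle::BackrefContext: 22 pointer-sized slots.
// (Assumption for this example; the real struct's layout is not on the page.)
struct BackrefContext {
  void *slots[22];
};
static_assert(sizeof(BackrefContext) == 22 * sizeof(void *),
              "frame budget assumption: 176 bytes on a 64-bit target");

// Number of frames of `frame_bytes` that fit in a stack of `stack_bytes`.
// With an 8 MiB stack and a 176-byte context this is the bound the comment
// calls stack_size / 176 (ignoring the rest of each frame).
constexpr std::size_t maxFrames(std::size_t stack_bytes, std::size_t frame_bytes) {
  return frame_bytes == 0 ? 0 : stack_bytes / frame_bytes;
}

enum class Status { Ok, TooDeep, Malformed };

struct Parser {
  const std::string &in;
  std::size_t pos = 0;
  std::size_t max_depth;   // explicit cap: the fix for fuzzer-driven recursion
  std::size_t deepest = 0; // deepest frame actually reached (for reporting)

  Status parseName(std::size_t depth) {
    BackrefContext ctx{};  // lives on the stack in every frame, like the real demangler
    (void)ctx;
    if (depth > max_depth) return Status::TooDeep;  // fail cleanly instead of overflowing
    if (depth > deepest) deepest = depth;
    // identifier: [A-Za-z_]+
    std::size_t start = pos;
    while (pos < in.size() &&
           (std::isalpha(static_cast<unsigned char>(in[pos])) || in[pos] == '_'))
      ++pos;
    if (pos == start) return Status::Malformed;
    if (pos < in.size() && in[pos] == '<') {   // template argument list
      ++pos;
      for (;;) {
        Status s = parseName(depth + 1);       // recursion: one frame per nesting level
        if (s != Status::Ok) return s;
        if (pos < in.size() && in[pos] == ',') { ++pos; continue; }
        break;
      }
      if (pos >= in.size() || in[pos] != '>') return Status::Malformed;
      ++pos;
    }
    return Status::Ok;
  }
};

struct Result { Status status; std::size_t depth; };

// Parse a whole name. The default cap is what a hypothetical 64 KiB stack could
// hold at sizeof(BackrefContext) bytes per frame (372 frames).
inline Result parse(const std::string &s,
                    std::size_t max_depth = maxFrames(64 * 1024, sizeof(BackrefContext))) {
  Parser p{s, 0, max_depth, 0};
  Status st = p.parseName(0);
  if (st == Status::Ok && p.pos != s.size()) st = Status::Malformed;
  return {st, p.deepest};
}

// Constructed input: T<T<...<int>...>> nested n levels deep, the shape a
// fuzzer needs to drive the recursion.
inline std::string nested(std::size_t n) {
  std::string s;
  for (std::size_t i = 0; i < n; ++i) s += "T<";
  s += "int";
  s.append(n, '>');
  return s;
}

} // namespace demo
```

Moving the context to the heap, as the comment suggests, only shrinks the per-frame cost and so raises the bound; the depth cap is what makes the bound independent of the stack ulimit the fuzzer happens to run under.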