CVE-2021-3826: [PATCH] libiberty: prevent null dereferencing on dlang_type

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

Luís Ferreira [email protected]
Wed Sep 22 01:31:03 GMT 2021

This patch prevents dereferencing a null reference on a crafted malformed mangled name, often causing SIGSEGV to be raised.

Signed-off-by: Luís Ferreira <[email protected]>

libiberty/d-demangle.c | 2 ± libiberty/testsuite/d-demangle-expected | 5 +++± 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c index a2152cc65518…469398261994 100644 — a/libiberty/d-demangle.c +++ b/libiberty/d-demangle.c @@ -875,7 +875,7 @@ dlang_type (string *decl, const char *mangled, struct dlang_info *info) szmods = string_length (&mods);

   /\* Back referenced function type.  \*/
  •  if (\*mangled == 'Q')
    
  •  if (mangled && \*mangled == 'Q')
    
    mangled = dlang_type_backref (decl, mangled, info, 1); else mangled = dlang_function_type (decl, mangled, info); diff --git a/libiberty/testsuite/d-demangle-expected b/libiberty/testsuite/d-demangle-expected index c35185c3e1e3…799f4724b72e 100644 — a/libiberty/testsuite/d-demangle-expected +++ b/libiberty/testsuite/d-demangle-expected @@ -991,11 +991,14 @@ _D88 _D5__T1aZv _D5__T1aZv

—format=dlang _D00 _D00

–format=dlang +_D01_D +_D01_D +# ±-format=dlang _D9223372036854775817 _D9223372036854775817
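
Review bot: In the dlang_type hunk of d-demangle.c, the new `mangled && *mangled == 'Q'` test guards only the back-reference branch, so a NULL `mangled` now falls through to the `else` and is passed to `dlang_function_type (decl, mangled, info)`. These lines do not show whether that callee accepts NULL; either confirm that it returns NULL on a NULL input, or return early here when `mangled` is NULL so the null handling is visible at the point of the fix.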
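
Review bot: In the d-demangle-expected hunk, the added `_D01_D` case expects the input echoed back unchanged, but nothing visible in the hunk records that it is the regression input for the null dereference in dlang_type. A one-line `#` comment above the case saying so would keep the test traceable to this fix.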

More information about the Gcc-patches mailing list

Related news

Red Hat Security Advisory 2023-3269-01

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.

RHSA-2023:3269: Red Hat Security Advisory: devtoolset-12-binutils security update

An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service. * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of servi...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
