Dear Binutils Maintainer, I'm reporting two undefined behavior issues found in binutils-2.43's cxxfilt.
# Build

```shell
wget https://ftp.gnu.org/gnu/binutils/binutils-2.43.tar.gz
tar -xzf binutils-2.43.tar.gz
rm binutils-2.43.tar.gz
cd binutils-2.43
CC=clang CXX=clang++ CFLAGS="-g -fsanitize=address,undefined" CXXFLAGS="-g -fsanitize=address,undefined" LDFLAGS="-no-pie -fsanitize=address,undefined" ./configure --disable-shared --enable-gdb
CC=clang CXX=clang++ CFLAGS="-g -fsanitize=address,undefined" CXXFLAGS="-g -fsanitize=address,undefined" LDFLAGS="-no-pie -fsanitize=address,undefined" make -j
```

# BUG1

```sh
$ ./binutils/cxxfilt < poc1
rust-demangle.c:1572:20: runtime error: applying zero offset to null pointer
    #0 0xee454c in str_buf_append /binutils-2.43/libiberty/./rust-demangle.c:1572:20
    #1 0xee42d8 in str_buf_demangle_callback /binutils-2.43/libiberty/./rust-demangle.c:1579:3
    #2 0xede8b6 in print_str /binutils-2.43/libiberty/./rust-demangle.c:279:5
    #3 0xedffc0 in print_ident /binutils-2.43/libiberty/./rust-demangle.c:451:7
    #4 0xee2968 in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:695:7
    #5 0xee2deb in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:708:7
    #6 0xee2deb in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:708:7
    #7 0xee37b2 in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:768:7
    #8 0xedc7d5 in rust_demangle_callback /binutils-2.43/libiberty/./rust-demangle.c:1482:7
    #9 0xee4191 in rust_demangle /binutils-2.43/libiberty/./rust-demangle.c:1593:13
    #10 0xe47a71 in cplus_demangle /binutils-2.43/libiberty/./cplus-dem.c:166:13
    #11 0x4ccb13 in demangle_it /binutils-2.43/binutils/cxxfilt.c:66:12
    #12 0x4cc591 in main /binutils-2.43/binutils/cxxfilt.c:245:4
    #13 0x7ffff7cb0d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #14 0x7ffff7cb0e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #15 0x41f544 in _start (/binutils-2.43/binutils/cxxfilt+0x41f544)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior rust-demangle.c:1572:20 in
Aborted
```

# BUG2

```sh
$ ./binutils/cxxfilt < poc2
rust-demangle.c:1572:32: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
    #0 0xee4596 in str_buf_append /binutils-2.43/libiberty/./rust-demangle.c:1572:3
    #1 0xee42d8 in str_buf_demangle_callback /binutils-2.43/libiberty/./rust-demangle.c:1579:3
    #2 0xede8b6 in print_str /binutils-2.43/libiberty/./rust-demangle.c:279:5
    #3 0xedffc0 in print_ident /binutils-2.43/libiberty/./rust-demangle.c:451:7
    #4 0xee2968 in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:695:7
    #5 0xeebc9f in demangle_path_maybe_open_generics /binutils-2.43/libiberty/./rust-demangle.c:1121:5
    #6 0xee9e81 in demangle_dyn_trait /binutils-2.43/libiberty/./rust-demangle.c:1139:10
    #7 0xee7b48 in demangle_type /binutils-2.43/libiberty/./rust-demangle.c:1031:11
    #8 0xee3747 in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:759:7
    #9 0xee2deb in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:708:7
    #10 0xee37b2 in demangle_path /binutils-2.43/libiberty/./rust-demangle.c:768:7
    #11 0xedc7d5 in rust_demangle_callback /binutils-2.43/libiberty/./rust-demangle.c:1482:7
    #12 0xee4191 in rust_demangle /binutils-2.43/libiberty/./rust-demangle.c:1593:13
    #13 0xe47a71 in cplus_demangle /binutils-2.43/libiberty/./cplus-dem.c:166:13
    #14 0x4ccb13 in demangle_it /binutils-2.43/binutils/cxxfilt.c:66:12
    #15 0x4cc591 in main /binutils-2.43/binutils/cxxfilt.c:245:4
    #16 0x7ffff7cb0d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #17 0x7ffff7cb0e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #18 0x41f544 in _start (/binutils-2.43/binutils/cxxfilt+0x41f544)
```

Please let me know if you need additional information or clarification.

Best Regards,
fouzhe
poc1
Description: Binary data
poc2
Description: Binary data
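Both traces end in `str_buf_append` at the same `memcpy` call, and the two UBSan messages describe the two pointers of that call: BUG1 reports `NULL + 0` on the destination side (the output buffer has not been allocated yet), BUG2 reports a null second argument, i.e. the source. The example below is added here and is not code from the report or from binutils/libiberty: `struct str_buf`, its field names, the growth policy in `str_buf_reserve`, and the helper `unchecked_null_args` are assumptions of this example, chosen only to reproduce the call shape a zero-length append into an empty buffer produces. It shows the unchecked append beside a guarded one that makes a zero-length append a no-op; that guard is this example's fix, not a statement of what upstream committed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer standing in for the str_buf that a
   demangler writes text into.  Added example, not the project's code. */
struct str_buf {
    char *ptr;       /* NULL until the first allocation */
    size_t len;      /* bytes written */
    size_t cap;      /* bytes allocated */
    int errored;     /* set once allocation fails; later appends are dropped */
};

/* Grow the buffer so that `extra` more bytes fit.  When nothing needs to
   grow (which includes extra == 0) it returns without allocating, so a
   fresh buffer keeps ptr == NULL. */
static void str_buf_reserve(struct str_buf *buf, size_t extra)
{
    size_t needed, cap;
    char *p;

    if (buf->errored)
        return;
    if (extra > SIZE_MAX - buf->len) {
        buf->errored = 1;
        return;
    }
    needed = buf->len + extra;
    if (needed <= buf->cap)
        return;
    cap = buf->cap ? buf->cap : 16;
    while (cap < needed) {
        if (cap > SIZE_MAX / 2) {
            buf->errored = 1;
            return;
        }
        cap *= 2;
    }
    p = realloc(buf->ptr, cap);
    if (p == NULL) {
        buf->errored = 1;
        return;
    }
    buf->ptr = p;
    buf->cap = cap;
}

/* Before: the shape UBSan complains about.  With a fresh buffer and
   len == 0, reserve allocates nothing, so `buf->ptr + buf->len` is
   NULL + 0 ("applying zero offset to null pointer") and memcpy gets a
   null destination; if `data` is NULL too, memcpy also gets a null source
   ("null pointer passed as argument 2").  Both are undefined in C even
   though the length is zero.  Kept for comparison only; not called. */
void str_buf_append_unchecked(struct str_buf *buf, const char *data, size_t len)
{
    str_buf_reserve(buf, len);
    if (buf->errored)
        return;
    memcpy(buf->ptr + buf->len, data, len);
    buf->len += len;
}

/* After: a zero-length append is a no-op, so memcpy only ever sees a live
   destination and a real source.  (This example's fix, not upstream's.) */
static void str_buf_append(struct str_buf *buf, const char *data, size_t len)
{
    if (len == 0)
        return;
    str_buf_reserve(buf, len);
    if (buf->errored)
        return;
    memcpy(buf->ptr + buf->len, data, len);
    buf->len += len;
}

/* Classify, without performing the copy, which pointers the unchecked
   append would hand to memcpy for this call: bit 0 = null destination
   (the BUG1 shape), bit 1 = null source (the BUG2 shape). */
static int unchecked_null_args(struct str_buf *buf, const char *data, size_t len)
{
    str_buf_reserve(buf, len);
    if (buf->errored)
        return 0;
    return (buf->ptr == NULL ? 1 : 0) | (data == NULL ? 2 : 0);
}

int main(void)
{
    struct str_buf fresh = {0};
    struct str_buf out = {0};

    printf("0-byte append into a fresh buffer: null-arg mask %d\n",
           unchecked_null_args(&fresh, "", 0));
    printf("NULL/0 append into a fresh buffer: null-arg mask %d\n",
           unchecked_null_args(&fresh, NULL, 0));

    /* Guarded version: empty pieces first (the reported trigger), then text. */
    str_buf_append(&out, "", 0);
    str_buf_append(&out, NULL, 0);
    str_buf_append(&out, "core::fmt::Debug", 16);
    str_buf_append(&out, "", 0);
    printf("guarded result: %.*s (len %zu)\n", (int)out.len, out.ptr, out.len);
    free(out.ptr);
    return 0;
}
```

Building this with the same `clang -g -fsanitize=address,undefined` flags as the report and calling `str_buf_append_unchecked` on a fresh buffer with a zero length reproduces the diagnostic class seen above; the guarded `str_buf_append` stays silent under the same flags because it never reaches `memcpy` for an empty piece.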