https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
Michael Matz <matz at gcc dot gnu.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |matz at gcc dot gnu.org

--- Comment #1 from Michael Matz <matz at gcc dot gnu.org> ---
Similar to https://sourceware.org/bugzilla/show_bug.cgi?id=23008, the testcase contains a mangled name with roughly 29000 successive 'E' characters. Processing one 'E' character involves calling these three routines:

#5 0x00000000004e8901 in demangle_expression (work=0x7fffffffd810, mangled=0x7fffffffd710, s=0x7fffffffd540, tk=tk_integral) at ../../libiberty/cplus-dem.c:1895
1895 success = demangle_template_value_parm (work, mangled, s, tk);
(gdb) #4 0x00000000004e98cb in demangle_template_value_parm (work=0x7fffffffd810, mangled=0x7fffffffd710, s=0x7fffffffd540, tk=tk_integral) at ../../libiberty/cplus-dem.c:2069
2069 success = demangle_integral_value (work, mangled, s);
(gdb) #3 0x00000000004e8b82 in demangle_integral_value (work=0x7fffffffd810, mangled=0x7fffffffd710, s=0x7fffffffd540) at ../../libiberty/cplus-dem.c:1916
1916 success = demangle_expression (work, mangled, s, tk_integral);

That advances *mangled by one character and uses 496 bytes of stack while doing that (when compiled by gcc-6 with address sanitizer). The linux default stack of 8 MB is good for 16893 of the E characters until stack overflow occurs. Without sanitizer we need less stack per recursion level, so that the testcase doesn't cause a problem (but just increasing the number of 'E' will make it segfault there as well).

It seems all is working as designed, you request it to demangle a recursive structure of > 20000 levels deep and get what can be expected from that, a stack overflow.
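As an added illustration (not libiberty's code and not part of this bug report), the following toy reproduces the three-routine cycle the comment describes, where each 'E' costs one more level of mutual recursion, and adds the mitigation a demangler would use: an explicit depth budget that rejects the input instead of exhausting the stack. All names (demangle_bounded, MAX_DEPTH, check_e_run, levels_before_overflow) are hypothetical, and the per-frame figure is taken from the comment's sanitizer build.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical cap on nesting; real demanglers pick a value well below
   what the default thread stack can hold. */
#define MAX_DEPTH 1024

struct work {
    const char *p;   /* current position in the mangled name */
    int depth;       /* current nesting level */
};

static int expr(struct work *w);

/* Mirrors demangle_integral_value -> demangle_expression. */
static int integral_value(struct work *w) { return expr(w); }

/* Mirrors demangle_template_value_parm -> demangle_integral_value. */
static int template_value_parm(struct work *w) { return integral_value(w); }

/* Mirrors demangle_expression: one 'E' consumed per level of recursion. */
static int expr(struct work *w) {
    if (*w->p != 'E')
        return 1;                       /* no further nesting: success */
    if (w->depth >= MAX_DEPTH)
        return 0;                       /* refuse rather than overflow the stack */
    w->depth++;
    w->p++;
    int ok = template_value_parm(w);
    w->depth--;
    return ok;
}

/* Returns 1 if the input parses within the depth budget, 0 if rejected. */
int demangle_bounded(const char *mangled) {
    struct work w = { mangled, 0 };
    return expr(&w);
}

/* Constructs n 'E' characters followed by "i" (a constructed input) and parses it. */
int check_e_run(size_t n) {
    char *buf = malloc(n + 2);
    if (!buf) return -1;
    memset(buf, 'E', n);
    buf[n] = 'i';
    buf[n + 1] = '\0';
    int ok = demangle_bounded(buf);
    free(buf);
    return ok;
}

/* Rough upper bound on recursion levels a stack can hold; the observed
   figure is lower because frames already on the stack are not counted. */
long levels_before_overflow(long stack_bytes, long bytes_per_level) {
    return stack_bytes / bytes_per_level;
}

int main(void) {
    printf("1000 E's accepted: %d\n", check_e_run(1000));
    printf("29000 E's accepted: %d\n", check_e_run(29000));
    printf("levels in 8 MB at 496 bytes/level: %ld\n",
           levels_before_overflow(8L << 20, 496));
    return 0;
}
```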