https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
Bug ID: 99188
Summary: cxxfilt may have a UAF
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: zyt1024 at bupt dot edu.cn
Target Milestone: ---

In version 2.26 of cxxfilt, Valgrind reports an invalid write of size 4.

# valgrind ./cxxfilt `cat cxxfilt_12.29-12.30-24h-run3/error_level/level-2-double-54-g165.txt`
==23618== Memcheck, a memory error detector
==23618== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23618== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==23618== Command: ./cxxfilt $_Q9AEKm__RQ3______xewx_x6_$$[G_O2_2C__:
==23618==
==23618== Invalid write of size 4
==23618==    at 0x813A8E5: register_Btype (cplus-dem.c:4319)
==23618==    by 0x8138B02: demangle_qualified (cplus-dem.c:3287)
==23618==    by 0x8139739: do_type (cplus-dem.c:3771)
==23618==    by 0x813A5B4: do_arg (cplus-dem.c:4231)
==23618==    by 0x813ADA9: demangle_args (cplus-dem.c:4514)
==23618==    by 0x8135A90: demangle_signature (cplus-dem.c:1642)
==23618==    by 0x8134D07: internal_cplus_demangle (cplus-dem.c:1203)
==23618==    by 0x8134466: cplus_demangle (cplus-dem.c:886)
==23618==    by 0x8049A23: demangle_it (cxxfilt.c:62)
==23618==    by 0x8049E21: main (cxxfilt.c:227)
==23618==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==23618==
==23618== ..
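Triage note, added here as an example and not part of the bug report or of GCC/binutils: the line Valgrind prints after the stack ("Address 0x0 is not stack'd, malloc'd or (recently) free'd") is what tells the bug class apart. Valgrind reports a genuine use-after-free as "Address ... is N bytes inside a block of size M free'd" followed by the freeing stack; an address of 0x0 that it cannot attribute to any block is a write through a null pointer. When fuzzing runs produce many such reports, a small parser that classifies each report by its address line and top frame saves re-reading every trace. The script below does that; the first report in the sample is the one quoted above, the second is a constructed use-after-free report in the same format, included only for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input. The first report is the one quoted in the bug above;
# the second is a made-up use-after-free report in Valgrind's format, added only
# for contrast (it does not come from the page).
SAMPLE_LOG = """\
==23618== Invalid write of size 4
==23618==    at 0x813A8E5: register_Btype (cplus-dem.c:4319)
==23618==    by 0x8138B02: demangle_qualified (cplus-dem.c:3287)
==23618==    by 0x8139739: do_type (cplus-dem.c:3771)
==23618==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==23618==
==4242== Invalid read of size 8
==4242==    at 0x4005B2: use_after (example.c:12)
==4242==    by 0x4005F1: main (example.c:20)
==4242==  Address 0x4a4b040 is 0 bytes inside a block of size 16 free'd
==4242==    at 0x484B27F: free (vg_replace_malloc.c:872)
==4242==    by 0x4005A0: main (example.c:18)
==4242==  Block was alloc'd at
==4242==    at 0x48487A9: malloc (vg_replace_malloc.c:381)
==4242==    by 0x400590: main (example.c:15)
==4242==
"""

ERROR_RE = re.compile(r"^==(\d+)==\s+Invalid (read|write) of size (\d+)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (.+)$")
BLANK_RE = re.compile(r"^==\d+==\s*$")


@dataclass
class Report:
    kind: str                      # "read" or "write"
    size: int                      # access width in bytes
    frames: List[Tuple[str, str]] = field(default_factory=list)  # (function, file:line) of the faulting stack only
    addr: Optional[int] = None     # faulting address, if Valgrind printed one
    addr_desc: str = ""            # Valgrind's description of that address

    def category(self) -> str:
        """Classify the report from the address description Valgrind prints."""
        d = self.addr_desc
        if self.addr is not None and self.addr < 4096 and "not stack'd" in d:
            return "null-deref"              # null or near-null pointer, not a freed block
        if "inside a block" in d and d.endswith("free'd"):
            return "use-after-free"          # Valgrind found the block on its freed list
        if "bytes after a block" in d:
            return "heap-overflow"
        if "bytes before a block" in d:
            return "heap-underflow"
        if "not stack'd" in d:
            return "wild-pointer"            # unknown address, neither null nor any known block
        return "unknown"

    def top_frame(self) -> Tuple[str, str]:
        return self.frames[0] if self.frames else ("?", "?")


def parse_valgrind(text: str) -> List[Report]:
    """Split a Memcheck log into Report objects (invalid read/write reports only)."""
    reports: List[Report] = []
    cur: Optional[Report] = None
    collecting = False   # True while the frames belong to the faulting access itself
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            cur = Report(kind=m.group(2), size=int(m.group(3)))
            reports.append(cur)
            collecting = True
            continue
        if cur is None:
            continue
        m = ADDR_RE.match(line)
        if m:
            cur.addr = int(m.group(1), 16)
            cur.addr_desc = m.group(2)
            collecting = False   # any stacks after this line are the free'd / alloc'd sites
            continue
        m = FRAME_RE.match(line)
        if m and collecting:
            cur.frames.append((m.group(1), m.group(2)))
            continue
        if BLANK_RE.match(line):
            cur, collecting = None, False
    return reports


def summarize(text: str) -> List[Tuple[str, str, str, int]]:
    """One (category, function, location, size) tuple per report, for quick bucketing."""
    return [(r.category(), *r.top_frame(), r.size) for r in parse_valgrind(text)]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Run against a real log with `python3 triage.py < valgrind.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; bucketing by `(category, function, location)` collapses duplicate fuzzer findings that hit the same site.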