https://bugs.kde.org/show_bug.cgi?id=359181

            Bug ID: 359181
           Summary: Buffer Overflow during Demangling
           Product: valgrind
           Version: unspecified
          Platform: Other
                OS: All
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: general
          Assignee: jsew...@acm.org
          Reporter: boehme.mar...@gmail.com

A buffer overflow in cplus-dem.c is caused when Valgrind tries to demangle
specially crafted function arguments in the binary. Both the buffer size and
the buffer content are controlled from the binary.

Upstream: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687

Reproducible: Always

Steps to Reproduce:
$ cat compileme.c
#include<stdio.h>
#include<stdlib.h>

const char*
____________________X00020A___R0020A__U000R03000N99999999_020A__K000(){
  char *p;
  p = (char *) malloc(19);
  p = (char *) malloc(12);
  free(p);
  p = (char *) malloc(16);
  return "Hello World!";
}

int main()
{
  printf("%s\n", ____________________X00020A___R0020A__U000R03000N99999999_020A__K000());
  return 0;
}

$ g++ compileme.c -o temp
$ sed -b s/Z68/_20/g temp > valgrindme
$ chmod u+x valgrindme
$ ./valgrindme
Hello World!
$ valgrind --leak-check=yes ./valgrindme
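Added illustration of the defect class the report describes (constructed for this page, not the report's code and not Valgrind's cplus-dem.c): a demangler reads a decimal count out of the symbol and copies that many bytes of name, so both the count and the bytes come from the binary under test. The unchecked form trusts the count; the checked form bounds it against the remaining input and the output buffer. All function names and the `_5hello_rest` style sample symbols are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed name parser (constructed for illustration,
 * not cplus-dem.c): a symbol such as "_5hello..." carries a decimal count
 * and the demangler copies that many bytes of name.  Count and bytes both
 * come from the binary being demangled, the situation the report describes. */
#define OUT_MAX 64

/* Unchecked variant: trusts the embedded count, so a symbol like
 * "_99999999x" makes memcpy run far past both the input and `out`. */
static int demangle_unchecked(const char *sym, char *out)
{
    char *end;
    while (*sym == '_') sym++;              /* skip leading underscores */
    long n = strtol(sym, &end, 10);         /* length taken from the symbol */
    memcpy(out, end, (size_t)n);            /* no bound on n at all */
    out[n] = '\0';
    return (int)n;
}

/* Checked variant: the count must fit in the remaining input and in `out`. */
static int demangle_checked(const char *sym, char *out, size_t out_sz)
{
    char *end;
    while (*sym == '_') sym++;
    if (!isdigit((unsigned char)*sym)) return -1;   /* no length field */
    errno = 0;
    unsigned long n = strtoul(sym, &end, 10);
    if (errno != 0) return -1;                      /* count itself overflowed */
    if (n > strlen(end) || n >= out_sz) return -1;  /* would overrun input or out */
    memcpy(out, end, n);
    out[n] = '\0';
    return (int)n;
}

/* Wrapper with a fixed buffer: returns the parsed name, or NULL when rejected. */
static const char *parse_name(const char *sym)
{
    static char buf[OUT_MAX];
    return demangle_checked(sym, buf, sizeof buf) < 0 ? NULL : buf;
}
```

`parse_name("_5hello_rest")` yields `hello`, while `_20abc` (count longer than the input) and `_99999999x` (count larger than any buffer) are rejected instead of copied.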
