Backport "Add a recursion limit to the demangle_const function in the Rust demangler."

And related patches. Also fix bogus date on changelog Resolves: RHEL-4234
2023-10-03 13:26:17 +02:00 · 2023-10-03 13:26:17 +02:00 · d63d041945
commit d63d041945
parent e5a8be3bb0
7 changed files with 254 additions and 1 deletions
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@ -483,3 +483,15 @@ Patch116: libiberty-rhbz-2132600-prevent-buffer-overflow.patch
 # (Tom Tromey, RHEL-7328)
 Patch117: gdb-rhel-7328-fix-fortran-28801.patch

+# Backport "libiberty: Fix infinite recursion in rust demangler."
+# (Nick Clifton, RHEL-4234)
+Patch118: libiberty-infinite-recursion-fix-1-of-3.patch
+
+# Backport Add a recursion limit to the demangle_const function in the Rust demangler.
+# (Nick Clifton, RHEL-4234)
+Patch119: libiberty-infinite-recursion-fix-2-of-3.patch
+
+# Backport Fix typo in recent code to add stack recursion limit to the Rust demangler.
+# (Nick Clifton, RHEL-4234)
+Patch120: libiberty-infinite-recursion-fix-3-of-3.patch
+
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@ -115,3 +115,6 @@
 %patch115 -p1
 %patch116 -p1
 %patch117 -p1
+%patch118 -p1
+%patch119 -p1
+%patch120 -p1
--- a/3
+++ b/3
@ -115,3 +115,6 @@ gdb-fix-gdb.base-printcmds-s390x-regressions.patch
 gdb-rhbz-2130624-assert_in_jit_event_handler.patch
 libiberty-rhbz-2132600-prevent-buffer-overflow.patch
 gdb-rhel-7328-fix-fortran-28801.patch
+libiberty-infinite-recursion-fix-1-of-3.patch
+libiberty-infinite-recursion-fix-2-of-3.patch
+libiberty-infinite-recursion-fix-3-of-3.patch
--- a/gdb.spec
+++ b/gdb.spec
@ -1159,6 +1159,14 @@ fi

 %changelog
 * Tue Oct  3 2023 Guinevere Larsen <blarsen@redhat.com> - 10.2-12.el9
+- Backport "libiberty: Fix infinite recursion in rust demangler."
+  (Nick Clifton)
+- Backport Add a recursion limit to the demangle_const function in the Rust demangler.
+  (Nick Clifton, RHEL-4234)
+- Backport Fix typo in recent code to add stack recursion limit to the Rust demangler.
+  (Nick Clifton)
+
+* Tue Oct  3 2023 Guinevere Larsen <blarsen@redhat.com>
 - Backport "Fix crash in Fortran code"
  (Tom Tromey, RHEL-7328)

@ -1170,7 +1178,7 @@ fi
 - Backport "[gdb/breakpoint] Fix assert in jit_event_handler"
  (Tom de Vries, RHBZ 2130624)

-* Wed Mar 23 2023 Bruno Larsen <blarsen@redhat.com>
+* Thu Mar 23 2023 Bruno Larsen <blarsen@redhat.com>
 - Bakport "Fix assertion failure in copy_type"
  (Tom Tromey, RHBZ 2155439)
 - Bakport "[gdb/testsuite] Fix PR20630 regression test in gdb.base/printcmds.exp"
--- a/libiberty-infinite-recursion-fix-1-of-3.patch
+++ b/libiberty-infinite-recursion-fix-1-of-3.patch
@ -0,0 +1,119 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 31 Jan 2022 14:28:42 +0000
+Subject: libiberty-infinite-recursion-fix-1-of-3.patch
+
+;; Backport "libiberty: Fix infinite recursion in rust demangler."
+;; (Nick Clifton)
+
+libiberty/
+	PR demangler/98886
+	PR demangler/99935
+	* rust-demangle.c (struct rust_demangler): Add a recursion
+	counter.
+	(demangle_path): Increment/decrement the recursion counter upon
+	entry and exit.  Fail if the counter exceeds a fixed limit.
+	(demangle_type): Likewise.
+	(rust_demangle_callback): Initialise the recursion counter,
+	disabling if requested by the option flags.
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
+@@ -74,6 +74,12 @@ struct rust_demangler
+   /* Rust mangling version, with legacy mangling being -1. */
+   int version;
+ 
+  /* Recursion depth.  */
+  unsigned int recursion;
+  /* Maximum number of times demangle_path may be called recursively.  */
+#define RUST_MAX_RECURSION_COUNT  1024
+#define RUST_NO_RECURSION_LIMIT   ((unsigned int) -1)
+
+   uint64_t bound_lifetime_depth;
+ };
+ 
+@@ -671,6 +677,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+   if (rdm->errored)
+     return;
+ 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	/* FIXME: There ought to be a way to report
+	   that the recursion limit has been reached.  */
+	goto fail_return;
+    }
+
+   switch (tag = next (rdm))
+     {
+     case 'C':
+@@ -688,10 +703,7 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+     case 'N':
+       ns = next (rdm);
+       if (!ISLOWER (ns) && !ISUPPER (ns))
+-        {
+-          rdm->errored = 1;
+-          return;
+-        }
+	goto fail_return;
+ 
+       demangle_path (rdm, in_value);
+ 
+@@ -776,9 +788,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+         }
+       break;
+     default:
+-      rdm->errored = 1;
+-      return;
+      goto fail_return;
+     }
+  goto pass_return;
+
+ fail_return:
+  rdm->errored = 1;
+ pass_return:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+ }
+ 
+ static void
+@@ -870,6 +888,19 @@ demangle_type (struct rust_demangler *rdm)
+       return;
+     }
+ 
+   if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	/* FIXME: There ought to be a way to report
+	   that the recursion limit has been reached.  */
+	{
+	  rdm->errored = 1;
+	  -- rdm->recursion;
+	  return;
+	}
+    }
+
+   switch (tag)
+     {
+     case 'R':
+@@ -1030,6 +1061,9 @@ demangle_type (struct rust_demangler *rdm)
+       rdm->next--;
+       demangle_path (rdm, 0);
+     }
+
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+ }
+ 
+ /* A trait in a trait object may have some "existential projections"
+@@ -1317,6 +1351,7 @@ rust_demangle_callback (const char *mangled, int options,
+   rdm.skipping_printing = 0;
+   rdm.verbose = (options & DMGL_VERBOSE) != 0;
+   rdm.version = 0;
+  rdm.recursion = (options & DMGL_NO_RECURSE_LIMIT) ? RUST_NO_RECURSION_LIMIT : 0;
+   rdm.bound_lifetime_depth = 0;
+ 
+   /* Rust symbols always start with _R (v0) or _ZN (legacy). */
--- a/libiberty-infinite-recursion-fix-2-of-3.patch
+++ b/libiberty-infinite-recursion-fix-2-of-3.patch
@ -0,0 +1,85 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 1 Jul 2022 15:58:52 +0100
+Subject: libiberty-infinite-recursion-fix-2-of-3.patch
+
+;; Backport Add a recursion limit to the demangle_const function in the Rust demangler.
+;; (Nick Clifton, RHEL-4234)
+
+libiberty/
+	PR demangler/105039
+	* rust-demangle.c (demangle_const): Add recursion limit.
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
+@@ -126,7 +126,7 @@ parse_integer_62 (struct rust_demangler *rdm)
+     return 0;
+ 
+   x = 0;
+-  while (!eat (rdm, '_'))
+  while (!eat (rdm, '_') && !rdm->errored)
+     {
+       c = next (rdm);
+       x *= 62;
+@@ -1148,6 +1148,15 @@ demangle_const (struct rust_demangler *rdm)
+   if (rdm->errored)
+     return;
+ 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	/* FIXME: There ought to be a way to report
+	   that the recursion limit has been reached.  */
+	goto fail_return;
+    }
+
+   if (eat (rdm, 'B'))
+     {
+       backref = parse_integer_62 (rdm);
+@@ -1158,7 +1167,7 @@ demangle_const (struct rust_demangler *rdm)
+           demangle_const (rdm);
+           rdm->next = old_next;
+         }
+-      return;
+      goto pass_return;
+     }
+ 
+   ty_tag = next (rdm);
+@@ -1167,7 +1176,7 @@ demangle_const (struct rust_demangler *rdm)
+     /* Placeholder. */
+     case 'p':
+       PRINT ("_");
+-      return;
+      goto pass_return;
+ 
+     /* Unsigned integer types. */
+     case 'h':
+@@ -1200,18 +1209,20 @@ demangle_const (struct rust_demangler *rdm)
+       break;
+ 
+     default:
+-      rdm->errored = 1;
+-      return;
+      goto fail_return;
+     }
+ 
+-  if (rdm->errored)
+-    return;
+-
+-  if (rdm->verbose)
+  if (!rdm->errored && rdm->verbose)
+     {
+       PRINT (": ");
+       PRINT (basic_type (ty_tag));
+     }
+
+ fail_return:
+  rdm->errored = 1;
+ pass_return:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+ }
+ 
+ static void
--- a/libiberty-infinite-recursion-fix-3-of-3.patch
+++ b/libiberty-infinite-recursion-fix-3-of-3.patch
@ -0,0 +1,23 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 4 Jul 2022 16:31:18 +0100
+Subject: libiberty-infinite-recursion-fix-3-of-3.patch
+
+;; Backport Fix typo in recent code to add stack recursion limit to the Rust demangler.
+;; (Nick Clifton)
+
+libiberty
+	* rust-demangle.c (demangle_const): Add a missing goto pass_return
+	at the end of the function.
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
+@@ -1217,6 +1217,7 @@ demangle_const (struct rust_demangler *rdm)
+       PRINT (": ");
+       PRINT (basic_type (ty_tag));
+     }
+  goto pass_return;
+ 
+  fail_return:
+   rdm->errored = 1;