dgit.raspbian.org Git - binutils.git/commit

author	Matthias Klose <doko@debian.org>
	Thu, 5 Mar 2026 11:22:39 +0000 (12:22 +0100)
committer	Matthias Klose <doko@debian.org>
	Thu, 5 Mar 2026 11:22:39 +0000 (12:22 +0100)
commit	0ce524c0079fc210cf57110ebb3b875c68986974
tree	fa3eb29c2481e0cd2c0ddc9d0d31b01631826cda	tree \| snapshot
parent	582fd75135053ac447a2e2089a0db217103f2988	commit \| diff

pr106641

# DP: Fix PR demangler/106641, taken from the trunk.

# DP: Fix PR demangler/106641, taken from the trunk.

libiberty: fix resource exhaustion in rust demangler (PR demangler/106641)

demangle_binder() parses the bound_lifetimes count as a base-62
integer with no upper bound.  A crafted symbol can encode a huge
lifetime count in very few bytes, causing OOM or CPU hang.

Cap bound_lifetimes at 1024 and check rdm->errored in the loop
so it bails out early on errors during iteration.

libiberty/ChangeLog:

        PR demangler/106641
        * rust-demangle.c (demangle_binder): Reject bound_lifetimes
        above 1024 to prevent resource exhaustion from crafted symbols.
        Add rdm->errored check in the loop condition.
        * testsuite/rust-demangle-expected: Add regression test.

Gbp-Pq: Name pr106641.diff

libiberty/rust-demangle.c		diff \| blob \| history
libiberty/testsuite/rust-demangle-expected		diff \| blob \| history