From: Nick Clifton <nickc@redhat.com>
Date: Mon, 4 Jul 2022 10:05:03 +0000 (+0100)
Subject: Prevent another potential stack overflow issue when demangling a maliciouslt mangled... 
X-Git-Tag: basepoints/gcc-14~5755
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a770b01ef415e114164b6151d1e55acdee09371;p=thirdparty%2Fgcc.git

Prevent another potential stack overflow issue when demangling a maliciouslt mangled Rust name.

libiberty/
	* rust-demangle.c (demangle_path_maybe_open_generics): Add
	recursion limit.
---

diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
index 36afcfae278..d6daf23af27 100644
--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
@@ -1082,6 +1082,18 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
   if (rdm->errored)
     return open;
 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	{
+	  /* FIXME: There ought to be a way to report
+	     that the recursion limit has been reached.  */
+	  rdm->errored = 1;
+	  goto end_of_func;
+	}
+    }
+
   if (eat (rdm, 'B'))
     {
       backref = parse_integer_62 (rdm);
@@ -1107,6 +1119,11 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
     }
   else
     demangle_path (rdm, 0);
+
+ end_of_func:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+
   return open;
 }