
[SR-8576] Invalid read when using swift-demangle on crafted strings #51094

Closed
swift-ci opened this issue Aug 18, 2018 · 2 comments
Labels: bug (A deviation from expected or documented behavior. Also: expected but undesirable behavior.), compiler (The Swift compiler in itself), mangling (Area → compiler: Mangling)

Comments

@swift-ci (Collaborator)

Previous ID SR-8576
Radar None
Original Reporter hongxuchen (JIRA User)
Type Bug
Status Resolved
Resolution Done

Environment

Swift version 4.2-dev (LLVM aba011d5dc, Clang 09210590b6, Swift 6f91a4e)
Target: x86_64-unknown-linux-gnu

Additional Detail from JIRA
Votes 0
Component/s Compiler
Labels Bug, Mangling
Assignee @eeckstein
Priority Medium

md5: 7a60fed84d58531375bf89f1389749ae

Issue Description:

An invalid read may be triggered when running swift-demangle with some crafted strings; this will cause a segmentation fault on the latest swift-DEVELOPMENT-SNAPSHOT-2018-08-16-a-ubuntu18.04.

gdb --args ./swift-demangle
Reading symbols from ./swift-demangle...(no debugging symbols found)...done.
(gdb) run
Starting program: /home/hongxu/FOT/SWIFT/swift-DEVELOPMENT-SNAPSHOT-2018-08-16-a-ubuntu18.04/usr/bin/swift-demangle
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
$SSD1BySSSBsg_G
Program received signal SIGSEGV, Segmentation fault.
0x000000000040ddf5 in swift::Demangle::Demangler::demangleBoundGenericType() ()
(gdb) bt
#0 0x000000000040ddf5 in swift::Demangle::Demangler::demangleBoundGenericType() ()
#1 0x0000000000409808 in swift::Demangle::Demangler::demangleSymbol(llvm::StringRef) ()
#2 0x00000000004069cd in demangle(llvm::raw_ostream&, llvm::StringRef, swift::Demangle::Context&, swift::Demangle::DemangleOptions const&) ()
#3 0x000000000040683f in main ()

When built with ASAN, it reports error messages like:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==19517==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000055e92c bp 0x7fffa066c730 sp 0x7fffa066c580 T0)
==19517==The signal is caused by a READ memory access.
==19517==Hint: address points to the zero page.
 #0 0x55e92b in swift::Demangle::Node::addChild(swift::Demangle::Node*, swift::Demangle::NodeFactory&) /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:276:22
 #1 0x55e92b in swift::Demangle::Demangler::demangleBoundGenericType() /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:1253
 #2 0x540fa7 in swift::Demangle::Demangler::parseAndPushNodes() /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:452:24
 #3 0x540fa7 in swift::Demangle::Demangler::demangleSymbol(llvm::StringRef) /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:410
 #4 0x52a826 in demangle(llvm::raw_ostream&, llvm::StringRef, swift::Demangle::Context&, swift::Demangle::DemangleOptions const&) /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:93:47
 #5 0x5291f9 in main /home/hongxu/FOT/SWIFT/swift/tools/swift-demangle/swift-demangle.cpp:186:7
 #6 0x7f98fe657b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
 #7 0x42a009 in _start (/home/hongxu/FOT/SWIFT/build/Ninja-RelWithDebInfoAssert+asan/swift-linux-x86_64/bin/swift-demangle+0x42a009)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hongxu/FOT/SWIFT/swift/lib/Demangling/Demangler.cpp:276:22 in swift::Demangle::Node::addChild(swift::Demangle::Node*, swift::Demangle::NodeFactory&)
==19517==ABORTING

Detailed POCs and error messages are attached.
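A regression check for the crash reported above, added here as an example and not part of the original report or of the Swift project: it feeds the reported string to a demangler binary on stdin (as the gdb session does) and classifies the outcome as a clean exit, a death by signal, a sanitizer report or a hang. The binary name `swift-demangle` is taken from the report; the function names are this example's own.

```python
import signal
import subprocess
import sys
from typing import List, Tuple

# The crafted input from the report above. It crashed the 2018-08-16
# snapshot; the issue thread says the bug was fixed in a later PR.
REPORTED_INPUT = b"$SSD1BySSSBsg_G"


def run_case(argv: List[str], payload: bytes, timeout: float = 10.0) -> Tuple[str, int, bytes]:
    """Run argv with payload on stdin and classify how it ended.

    Returns (verdict, returncode, stderr). verdict is "ok" for exit 0,
    "SIG..." when the process died from a signal (e.g. "SIGSEGV"),
    "asan" when the stderr carries an AddressSanitizer report,
    "timeout" when the process hung, or "exit" for another non-zero exit.
    """
    try:
        proc = subprocess.run(argv, input=payload + b"\n",
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", -1, b"")
    rc = proc.returncode
    if rc < 0:
        # subprocess reports death-by-signal as a negative return code.
        return (signal.Signals(-rc).name, rc, proc.stderr)
    if b"AddressSanitizer" in proc.stderr:
        # ASAN builds usually exit 1 after printing the report, so the
        # return code alone would not distinguish a sanitizer finding.
        return ("asan", rc, proc.stderr)
    return ("ok" if rc == 0 else "exit", rc, proc.stderr)


def check_inputs(argv: List[str], payloads: List[bytes]) -> List[Tuple[bytes, str]]:
    """Run every payload; return the (payload, verdict) pairs that did not exit cleanly."""
    failures = []
    for payload in payloads:
        verdict, _rc, _err = run_case(argv, payload)
        if verdict != "ok":
            failures.append((payload, verdict))
    return failures


if __name__ == "__main__":
    # Usage: python3 check.py [path/to/swift-demangle]
    binary = sys.argv[1] if len(sys.argv) > 1 else "swift-demangle"
    bad = check_inputs([binary], [REPORTED_INPUT])
    for payload, verdict in bad:
        print(f"{payload!r}: {verdict}")
    sys.exit(1 if bad else 0)
```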

@belkadan (Contributor)

cc @eeckstein

@eeckstein (Member)

fixed in #19152

@swift-ci swift-ci transferred this issue from apple/swift-issues Apr 25, 2022
This issue was closed.