Impact
An integer overflow is present in the consume_count function of src/gnu_v2/cplus-dem.c (rz-libdemangle library), because compiler optimizations remove the overflow check code. The compiler determines that some parts of the function are unreachable and compiles them out; in doing so it removes an important overflow check. Users opening untrusted binary files that contain symbols mangled with the old (GCC 2) C++ scheme might be affected.
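The mechanism described above, as an added illustration that is not code from rz-libdemangle or from this advisory: a digit-count parser with a post-hoc overflow check modelled on the classic libiberty pattern (an assumption about the shape of the affected code), next to a hardened form that tests for overflow before the multiplication, so there is no undefined behaviour for the optimizer to reason away.

```c
#include <ctype.h>
#include <limits.h>

/* Post-hoc check in the style of the classic libiberty demangler (assumed
 * pattern for illustration, not the rz-libdemangle source). It multiplies
 * first and inspects the result afterwards. Signed overflow is undefined
 * behaviour in C, so the optimizer may conclude the test can never be true
 * and delete it, which is exactly the failure mode the advisory describes. */
int consume_count_unsound(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        count *= 10;              /* undefined once count > INT_MAX / 10 */
        if ((count % 10) != 0)    /* the check the compiler may remove   */
            return -1;
        count += *(*type)++ - '0';
    }
    return count < 0 ? -1 : count;
}

/* Hardened version: decide BEFORE the arithmetic whether it would overflow.
 * No undefined behaviour occurs, so the optimizer cannot elide the check. */
int consume_count_safe(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        int digit = **type - '0';
        /* count * 10 + digit <= INT_MAX  <=>  count <= (INT_MAX - digit) / 10 */
        if (count > (INT_MAX - digit) / 10) {
            while (isdigit((unsigned char)**type))   /* skip the rest of the number */
                (*type)++;
            return -1;
        }
        count = count * 10 + digit;
        (*type)++;
    }
    return count;
}

/* Helpers: parse s with the safe routine, report the count and where the
 * cursor stopped (1 if it stopped on character c, else 0). */
static int count_of(const char *s) { return consume_count_safe(&s); }
static int stops_at(const char *s, char c) { consume_count_safe(&s); return *s == c; }
```

The safe variant rejects "2147483648" while still accepting "2147483647" (INT_MAX), and it leaves the cursor after the oversized digit run so the caller can keep parsing.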
Patches
The problem has been patched in the rz-libdemangle library.
Workarounds
A temporary workaround would be disabling C++ demangling using the configuration option bin.demangle=false.
References
https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419