From 1a770b01ef415e114164b6151d1e55acdee09371 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 4 Jul 2022 11:05:03 +0100
Subject: Prevent another potential stack overflow issue when demangling a
 maliciouslt mangled Rust name.

libiberty/
	* rust-demangle.c (demangle_path_maybe_open_generics): Add
	recursion limit.
---
 libiberty/rust-demangle.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'libiberty/rust-demangle.c')

diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
index 36afcfa..d6daf23 100644
--- a/libiberty/rust-demangle.c
+++ b/libiberty/rust-demangle.c
@@ -1082,6 +1082,18 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
   if (rdm->errored)
     return open;
 
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    {
+      ++ rdm->recursion;
+      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
+	{
+	  /* FIXME: There ought to be a way to report
+	     that the recursion limit has been reached.  */
+	  rdm->errored = 1;
+	  goto end_of_func;
+	}
+    }
+
   if (eat (rdm, 'B'))
     {
       backref = parse_integer_62 (rdm);
@@ -1107,6 +1119,11 @@ demangle_path_maybe_open_generics (struct rust_demangler *rdm)
     }
   else
     demangle_path (rdm, 0);
+
+ end_of_func:
+  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
+    -- rdm->recursion;
+
   return open;
 }
 
-- 
cgit v1.1