CVE-2018-9138: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.
(In reply to Michael Boyle from comment #0) > CVE-2018-9138: > > An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in > GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++ > demangling functions provided by libiberty, and there are recursive stack > frames: demangle_nested_args, demangle_args, do_arg, and do_type. Still under debate upstream whether this is real, no fix committed
Upstream conclusion seems to be "working as expected"
(In reply to Andreas K. Hüttel from comment #2) > Upstream conclusion seems to be "working as expected" Agree.