Vulnerabilities discovered so far in GCC c++filt v2.26.Is it all solved now? (18-11-2021)

Preface: Not limited to traditional Linux, Apple also has cplus-dem[.]c open source.

Background:

What is GCC used for? GCC stands for GNU Compiler Collections which is used to compile mainly C and C++ language. It can also be used to compile Objective C and Objective C++.

File (cplus-dem.c) lives in both GCC and libiberty. Cplus-dem[.]cis part of the libiberty library.Libiberty is free software. This file imports xmalloc and xrealloc, which are like malloc and realloc except that they generate a fatal error if there is no available memory.

In C, the malloc() function will allocate memory on the heap and return a pointer to the address of the allocated memory. Whenever malloc() is used, you will most likely hear of the free() function being used, which as the name indicates will free or deallocate the address of the memory allocation presented by the pointer returned from malloc().

How the computer tracks these allocations and frees?
Computer through a dynamic data structure known as a “linked list” (lists in which each block includes a pointers to the next block on the list).
The linked list keeps track of the free blocks of memory within the system.

Vulnerability details: GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

Official details: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188

Remediation: It has not been announced yet.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.