bug-texinfo

info hangs in text_buffer_iconv() on malformed input file


From: Nathaniel Beaver
Subject: info hangs in text_buffer_iconv() on malformed input file
Date: Fri, 19 Feb 2021 22:22:56 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

Steps to reproduce:

info -f reproduce_bug.info

Expected behavior:

info exits with an error.

Actual behavior:

info is stuck in an infinite loop.

Comments:

The bug does not seem to be reproducible with info version 6.5. It is reproducible with the latest git revision; I'm not sure when it was introduced.

The file was generated with afl-fuzz and then hand-edited. The only addition to the original file is a misplaced index tag:

^@^H[index^@^H]

When run on the gzipped version, the result is a segmentation fault in utf8_internal_loop() instead of an infinite loop in text_buffer_iconv().

Sincerely,

Nathaniel Beaver

P.S. Version information:

$ git describe --tags
texinfo-6.6-700-g97eb358ee3
$ git rev-parse HEAD
97eb358ee34966dd1dbc80a78bd5bac77748e112
$ info/ginfo --version
info (GNU texinfo) 6.7dev

Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Attachment: address-sanitizer.txt
Description: Text document

Attachment: gdb.txt
Description: Text document

Attachment: gdb-sigsegv.txt
Description: Text document

Attachment: original.info
Description: application/gnuinfo

Attachment: original.info.gz
Description: application/gzip

Attachment: reproduce_bug.info
Description: application/gnuinfo

Attachment: reproduce_bug.info.gz
Description: application/gzip

Attachment: valgrind_1635_1.txt
Description: Text document

