bug-texinfo
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AddressSanitizer reports a heap buffer overflow from scan_node_contents(

From: Nathaniel Beaver
Subject: AddressSanitizer reports a heap buffer overflow from scan_node_contents() on malformed info file
Date: Sat, 20 Feb 2021 17:43:55 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 
Steps to reproduce:
Compile with -fsanitize=address, then run:

info -f reproduce_bug.info

Expected behavior:

info does not trigger AddressSanitizer errors.

Actual behavior:
AddressSanitizer reports a heap-buffer-overflow from scan_node_contents() in info/info-utils.c:1676 

Comments:
This file was generated by afl-fuzz; I don't understand how it creates a heap buffer overflow. 

Valgrind also reports invalid reads in various functions (see attached).

Sincerely,

Nathaniel Beaver

P.S. Version information:

$ git describe --tags
texinfo-6.6-700-g97eb358ee3
$ git rev-parse HEAD
97eb358ee34966dd1dbc80a78bd5bac77748e112
$ info/ginfo --version
info (GNU texinfo) 6.7dev

Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Attachment: address-sanitizer.txt
Description: Text document

Attachment: valgrind_20783_1.txt
Description: Text document

Attachment: original.info
Description: application/gnuinfo

Attachment: reproduce_bug.info
Description: application/gnuinfo

Attachment: reproduce_bug.info.gz
Description: application/gzip

reply via email to
[Prev in Thread] Current Thread [Next in Thread]