texinfo-nullptr-info_get_node_of_file_buffer.infoDescription: Binary data
|
| From: | Hanno Böck |
| Subject: | [patch] fix segfault due to null pointer access in info_get_node_of_file_buffer |
| Date: | Sun, 2 Oct 2016 16:13:45 +0200 |
Hi,
I've attached a file that will segfault if passed to info (with -f
[input]).
The reason is a null pointer access in the function
info_get_node_of_file_buffer(). I'll also attach a proposed patch to
fix it.
This bug was found with the help of the tool american fuzzy lop.
Here's a stack trace from address sanitizer of the bug:
==20372==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x00000047ae43 bp 0x7fff49e63fd0 sp 0x7fff49e63750 T0)
#0 0x47ae42 in __interceptor_strcmp
(/mnt/ram/texinfo-6.3/info/ginfo+0x47ae42)
#1 0x53aa63 in info_get_node_of_file_buffer
/mnt/ram/texinfo-6.3/info/nodes.c:1105:13
#2 0x53a419 in info_get_node_with_defaults
/mnt/ram/texinfo-6.3/info/nodes.c:988:14
#3 0x55df11 in dump_node_to_stream
/mnt/ram/texinfo-6.3/info/session.c:3765:10
#4 0x55dc52 in dump_nodes_to_file
/mnt/ram/texinfo-6.3/info/session.c:3728:11
#5 0x521cbf in main /mnt/ram/texinfo-6.3/info/info.c:1029:7
#6 0x7f668147e6ff in __libc_start_main
/var/tmp/portage/sys-libs/glibc-2.23-r2/work/glibc-2.23/csu/../csu/libc-start.c:289
#7 0x41ab08 in _start (/mnt/ram/texinfo-6.3/info/ginfo+0x41ab08)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mnt/ram/texinfo-6.3/info/ginfo+0x47ae42) in
__interceptor_strcmp
==20372==ABORTING
--
Hanno Böck
https://hboeck.de/
mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
texinfo-nullptr-info_get_node_of_file_buffer.info
Description: Binary data
texinfo-6.3-fix-nullptr.diff
Description: Text Data
pgp85MXCmyDeA.pgp
Description: OpenPGP digital signature
| [Prev in Thread] | Current Thread | [Next in Thread] |