out of bounds heap read in scan_node

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

out of bounds heap read in scan_node_contents

From:	Hanno Böck
Subject:	out of bounds heap read in scan_node_contents
Date:	Sat, 21 Jan 2017 21:19:53 +0100

The attached file will cause an out of bounds heap read access in the
function scan_node_contents.

asan stack trace:

==12816==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x60200000dcff at pc 0x0000004969bf bp 0x7ffd18e99610 sp 0x7ffd18e98dc0
READ of size 8 at 0x60200000dcff thread T0
    #0 0x4969be in __interceptor_memcmp.part.69 
(/old-ram1/texinfo/ginfo+0x4969be)
    #1 0x5259db in scan_node_contents /f/texinfo/trunk/info/info-utils.c:1694:29
    #2 0x54ca07 in info_node_of_tag_ext /f/texinfo/trunk/info/nodes.c:1447:11
    #3 0x54adb9 in info_node_of_tag /f/texinfo/trunk/info/nodes.c:1488:10
    #4 0x54adb9 in info_get_node_of_file_buffer 
/f/texinfo/trunk/info/nodes.c:1112
    #5 0x54a5c3 in info_get_node_with_defaults 
/f/texinfo/trunk/info/nodes.c:995:14
    #6 0x56de62 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
    #7 0x56db32 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
    #8 0x531e19 in main /f/texinfo/trunk/info/info.c:1073:7
    #9 0x7faf0a4d878f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #10 0x41a598 in _start (/old-ram1/texinfo/ginfo+0x41a598)

0x60200000dcff is located 0 bytes to the right of 15-byte region 
[0x60200000dcf0,0x60200000dcff)
allocated by thread T0 here:
    #0 0x4ca6f8 in malloc (/old-ram1/texinfo/ginfo+0x4ca6f8)
    #1 0x59096e in xmalloc /f/texinfo/trunk/gnulib/lib/xmalloc.c:41:13
    #2 0x518c87 in filesys_read_info_file /f/texinfo/trunk/info/filesys.c:321:18
    #3 0x548e12 in info_load_file /f/texinfo/trunk/info/nodes.c:730:14
    #4 0x548c6d in info_find_file /f/texinfo/trunk/info/nodes.c:667:17
    #5 0x54a593 in info_get_node_with_defaults 
/f/texinfo/trunk/info/nodes.c:990:19
    #6 0x56de62 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
    #7 0x56db32 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
    #8 0x531e19 in main /f/texinfo/trunk/info/info.c:1073:7
    #9 0x7faf0a4d878f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #10 0x41a598 in _start (/old-ram1/texinfo/ginfo+0x41a598)

SUMMARY: AddressSanitizer: heap-buffer-overflow
(/old-ram1/texinfo/ginfo+0x4969be) in __interceptor_memcmp.part.69

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

texinfo-oob-heap-scan_node_contents.info
Description: Binary data

[Prev in Thread]

Current Thread

[Next in Thread]

out of bounds heap read in scan_node_contents, Hanno Böck <=
- Re: out of bounds heap read in scan_node_contents, Gavin Smith, 2017/01/21
  - Re: out of bounds heap read in scan_node_contents, Hanno Böck, 2017/01/22
  - Re: out of bounds heap read in scan_node_contents, Hanno Böck, 2017/01/23
    - Re: out of bounds heap read in scan_node_contents, Gavin Smith, 2017/01/23
    - Re: out of bounds heap read in scan_node_contents, Gavin Smith, 2017/01/23
    - Re: out of bounds heap read in scan_node_contents, Hanno Böck, 2017/01/23

Prev by Date: Invalid memory read access in get_tags_of_indirect_tags_table()
Next by Date: Re: Invalid memory read access in get_tags_of_indirect_tags_table()
Previous by thread: Invalid memory read access in get_tags_of_indirect_tags_table()
Next by thread: Re: out of bounds heap read in scan_node_contents
Index(es):
- Date
- Thread