bug-texinfo
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

heap out of bounds read in scan_reference_target

From: Hanno Böck
Subject: heap out of bounds read in scan_reference_target
Date: Sun, 22 Jan 2017 13:36:04 +0100 
The attached file causes an out of bounds memory read in
scan_reference-target().

Address Sanitizer stack trace:
==27654==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x60300000d974 at pc 0x00000052b60a bp 0x7ffcec9c1b70 sp 0x7ffcec9c1b68
READ of size 1 at 0x60300000d974 thread T0
    #0 0x52b609 in scan_reference_target 
/f/texinfo/trunk/info/info-utils.c:1317:7
    #1 0x52b609 in scan_node_contents /f/texinfo/trunk/info/info-utils.c:1679
    #2 0x54ca37 in info_node_of_tag_ext /f/texinfo/trunk/info/nodes.c:1449:11
    #3 0x54ade9 in info_node_of_tag /f/texinfo/trunk/info/nodes.c:1490:10
    #4 0x54ade9 in info_get_node_of_file_buffer 
/f/texinfo/trunk/info/nodes.c:1114
    #5 0x54a5f3 in info_get_node_with_defaults 
/f/texinfo/trunk/info/nodes.c:997:14
    #6 0x56dea2 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
    #7 0x56db72 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
    #8 0x531e19 in main /f/texinfo/trunk/info/info.c:1073:7
    #9 0x7fd9c4f9f78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #10 0x41a598 in _start (/old-ram1/texinfo/ginfo+0x41a598)

0x60300000d974 is located 0 bytes to the right of 20-byte region 
[0x60300000d960,0x60300000d974)
allocated by thread T0 here:
    #0 0x4ca6f8 in malloc (/old-ram1/texinfo/ginfo+0x4ca6f8)
    #1 0x5909ae in xmalloc /f/texinfo/trunk/gnulib/lib/xmalloc.c:41:13
    #2 0x518c8a in filesys_read_info_file /f/texinfo/trunk/info/filesys.c:321:18
    #3 0x548e42 in info_load_file /f/texinfo/trunk/info/nodes.c:732:14
    #4 0x548c9d in info_find_file /f/texinfo/trunk/info/nodes.c:669:17
    #5 0x54a5c3 in info_get_node_with_defaults 
/f/texinfo/trunk/info/nodes.c:992:19
    #6 0x56dea2 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
    #7 0x56db72 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
    #8 0x531e19 in main /f/texinfo/trunk/info/info.c:1073:7
    #9 0x7fd9c4f9f78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #10 0x41a598 in _start (/old-ram1/texinfo/ginfo+0x41a598)

SUMMARY: AddressSanitizer: heap-buffer-overflow 
/f/texinfo/trunk/info/info-utils.c:1317:7 in scan_reference_target


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: texinfo-heap-oob-scan_reference_target.info
Description: Binary data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]