out of bounds read in tag_expand
From: Hanno Böck
Subject: out of bounds read in tag_expand
Date: Mon, 23 Jan 2017 22:59:59 +0100
And one more heap out of bounds read, visible with address sanitizer.
Stack trace:
==12951==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000df40 at pc 0x0000004969bf bp 0x7ffe36779500 sp 0x7ffe36778cb0
READ of size 2 at 0x60200000df40 thread T0
#0 0x4969be in __interceptor_memcmp.part.69 (/r/texinfo/ginfo+0x4969be)
#1 0x579aa7 in tag_expand /f/texinfo/trunk/info/tag.c:221:7
#2 0x525d16 in scan_info_tag /f/texinfo/trunk/info/info-utils.c:1533:7
#3 0x525d16 in scan_node_contents /f/texinfo/trunk/info/info-utils.c:1707
#4 0x54c9b7 in info_node_of_tag_ext /f/texinfo/trunk/info/nodes.c:1452:11
#5 0x54ad69 in info_node_of_tag /f/texinfo/trunk/info/nodes.c:1493:10
#6 0x54ad69 in info_get_node_of_file_buffer /f/texinfo/trunk/info/nodes.c:1115
#7 0x54a573 in info_get_node_with_defaults /f/texinfo/trunk/info/nodes.c:998:14
#8 0x56dea2 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
#9 0x56db72 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
#10 0x531d99 in main /f/texinfo/trunk/info/info.c:1073:7
#11 0x7f6b91f1178f in __libc_start_main (/lib64/libc.so.6+0x2078f)
#12 0x41a598 in _start (/r/texinfo/ginfo+0x41a598)
0x60200000df40 is located 0 bytes to the right of 16-byte region [0x60200000df30,0x60200000df40)
allocated by thread T0 here:
#0 0x4ca6f8 in malloc (/r/texinfo/ginfo+0x4ca6f8)
#1 0x5909ae in xmalloc /f/texinfo/trunk/gnulib/lib/xmalloc.c:41:13
#2 0x518c8a in filesys_read_info_file /f/texinfo/trunk/info/filesys.c:321:18
#3 0x548dc2 in info_load_file /f/texinfo/trunk/info/nodes.c:733:14
#4 0x548c1d in info_find_file /f/texinfo/trunk/info/nodes.c:670:17
#5 0x54a543 in info_get_node_with_defaults /f/texinfo/trunk/info/nodes.c:993:19
#6 0x56dea2 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
#7 0x56db72 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
#8 0x531d99 in main /f/texinfo/trunk/info/info.c:1073:7
#9 0x7f6b91f1178f in __libc_start_main (/lib64/libc.so.6+0x2078f)
#10 0x41a598 in _start (/r/texinfo/ginfo+0x41a598)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/r/texinfo/ginfo+0x4969be) in __interceptor_memcmp.part.69
--
Hanno Böck
https://hboeck.de/
mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
texinfo-oob-tag_expand.info
Description: Binary data