From: | Nathaniel Beaver |
Subject: | info hangs in text_buffer_iconv() on malformed input file |
Date: | Fri, 19 Feb 2021 22:22:56 -0500 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 |
Steps to reproduce:

info -f reproduce_bug.info

Expected behavior: info exits with an error.

Actual behavior: info stuck in an infinite loop

Comments: The bug does not seem to be reproducible with info version 6.5. It is reproducible with the latest git revision; I'm not sure when it was introduced.
The file was generated with afl-fuzz and then hand-edited. The only addition to the original file is a misplaced index tag:
^@^H[index^@^H]

When run on the gzipped version, the result is a segmentation fault in utf8_internal_loop() instead of an infinite loop in text_buffer_iconv().
Sincerely,
Nathaniel Beaver

P.S. Version information:

$ git describe --tags
texinfo-6.6-700-g97eb358ee3
$ git rev-parse HEAD
97eb358ee34966dd1dbc80a78bd5bac77748e112
$ info/ginfo --version
info (GNU texinfo) 6.7dev
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
address-sanitizer.txt
Description: Text document
gdb.txt
Description: Text document
gdb-sigsegv.txt
Description: Text document
original.info
Description: application/gnuinfo
original.info.gz
Description: application/gzip
reproduce_bug.info
Description: application/gnuinfo
reproduce_bug.info.gz
Description: application/gzip
valgrind_1635_1.txt
Description: Text document