From: Nathaniel Beaver
Subject: AddressSanitizer reports a heap buffer overflow from scan_node_contents() on malformed info file
Date: Sat, 20 Feb 2021 17:43:55 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
Steps to reproduce:

Compile with -fsanitize=address, then run:

info -f reproduce_bug.info

Expected behavior: info does not trigger AddressSanitizer errors.

Actual behavior: AddressSanitizer reports a heap-buffer-overflow from scan_node_contents() in info/info-utils.c:1676

Comments: This file was generated by afl-fuzz; I don't understand how it creates a heap buffer overflow.

Valgrind also reports invalid reads in various functions (see attached).

Sincerely,
Nathaniel Beaver

P.S. Version information:

$ git describe --tags
texinfo-6.6-700-g97eb358ee3
$ git rev-parse HEAD
97eb358ee34966dd1dbc80a78bd5bac77748e112
$ info/ginfo --version
info (GNU texinfo) 6.7dev
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Attachments: address-sanitizer.txt, valgrind_20783_1.txt, original.info, reproduce_bug.info, reproduce_bug.info.gz