[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AddressSanitizer reports a heap buffer overflow from scan_node_contents(

From: Nathaniel Beaver
Subject: AddressSanitizer reports a heap buffer overflow from scan_node_contents() on malformed info file
Date: Sat, 20 Feb 2021 17:43:55 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

Steps to reproduce:
Compile with -fsanitize=address, then run:

info -f reproduce_bug.info

Expected behavior:

info does not trigger AddressSanitizer errors.

Actual behavior:

AddressSanitizer reports a heap-buffer-overflow from scan_node_contents() in info/info-utils.c:1676

This file was generated by afl-fuzz; I don't understand how it creates a heap buffer overflow.

Valgrind also reports invalid reads in various functions (see attached).


Nathaniel Beaver

P.S. Version information:

$ git describe --tags
$ git rev-parse HEAD
$ info/ginfo --version
info (GNU texinfo) 6.7dev

Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Attachment: address-sanitizer.txt
Description: Text document

Attachment: valgrind_20783_1.txt
Description: Text document

Attachment: original.info
Description: application/gnuinfo

Attachment: reproduce_bug.info
Description: application/gnuinfo

Attachment: reproduce_bug.info.gz
Description: application/gzip

reply via email to

[Prev in Thread] Current Thread [Next in Thread]