Re: Fwd: Bug#1025940: info: buffer overflow in copy

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Bug#1025940: info: buffer overflow in copy_converting()

From:	Gavin Smith
Subject:	Re: Fwd: Bug#1025940: info: buffer overflow in copy_converting()
Date:	Mon, 12 Dec 2022 18:47:43 +0000

On Mon, Dec 12, 2022 at 01:31:39PM +0100, Hilmar Preuße wrote:
> Hello,
> 
> another one for you. The issue is reproducible with latest git checkout.
> I could only test on amd64, where the error message looks differently.
> 
> hille@sid-amd64:~$ /usr/bin/info groff > /dev/null
> realloc(): invalid next size
> Aborted (core dumped)

Apologies for the further crash.  I believe I have fixed it in commit
9a83ffc3d.  I have also added the change to the release branch, and I
think that we should make a bug-test release fairly soon with this fix
in it (say, within a month).

The same crash occurs when running interactively.  If you
run "info groff" and then navigate to the "Manipulating Hyphenation"
node, the program will crash.  (I found this by holding down the space
bar from the Top node.)

I was able to run the program with valgrind -vgdb-error=0 and attach
with gdb.  The error occurred in the text_buffer_iconv function, as
Jakub's log indicated.

[Prev in Thread]

Current Thread

[Next in Thread]

Fwd: Bug#1025940: info: buffer overflow in copy_converting(), Hilmar Preuße, 2022/12/12
- Re: Fwd: Bug#1025940: info: buffer overflow in copy_converting(), Gavin Smith <=

Prev by Date: Fwd: Bug#1025940: info: buffer overflow in copy_converting()
Next by Date: Re: [bug#59989] [PATCH] tests: Fix txinfo-include test for texinfo 7.x
Previous by thread: Fwd: Bug#1025940: info: buffer overflow in copy_converting()
Next by thread: Re: [bug#59989] [PATCH] tests: Fix txinfo-include test for texinfo 7.x
Index(es):
- Date
- Thread