heap-buffer overflow when searching for regex @\*
From: Benno Schulenberg
Subject: heap-buffer overflow when searching for regex @\*
Date: Sun, 17 Oct 2021 10:52:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
Hi,
When compiling the 'info' program or GNU nano with -fsanitize=address,
then searching in either of the programs for the regex "@\*" (without
the quotes) causes an abortion in gnulib's re_search_internal() at
lib/regexec.c:764.
To reproduce, configure texinfo-6.8 with CFLAGS="-g -O0 -march=native
-fsanitize=address", compile, and then run 'info/ginfo texinfo 2>TRAIL'
and search for "@\*". In other words, type: /@\*<Enter>. Then type
five times Shift+}. Result: info aborts. See the attached output.
To reproduce with nano, first run 'makeinfo --plain doc/texinfo.texi
>thetext' in the texinfo-6.8 directory, then configure nano-5.9 with
the same CFLAGS, compile, and then run 'src/nano +1 thetext 2>TRAIL'
and type: Ctrl+W Alt+R @\*<Enter>. Then type six times Alt+W. Result:
nano aborts. See the attached output.
The problem still occurs when using a current checkout of gnulib.
Benno
Attachments: TRAIL-info (text document), TRAIL-nano (text document), OpenPGP_signature (OpenPGP digital signature)