AddressSanitizer reports a heap buffer overflow from skip_node

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AddressSanitizer reports a heap buffer overflow from skip_node_separator

From:	Nathaniel Beaver
Subject:	AddressSanitizer reports a heap buffer overflow from skip_node_separator() on malformed info file
Date:	Thu, 6 May 2021 22:09:04 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

Steps to reproduce:
Compile with -fsanitize=address, then run:

info -f reproduce_bug.info

Expected behavior:

info does not trigger AddressSanitizer errors.

Actual behavior:

AddressSanitizer reports a heap-buffer-overflow fromskip_node_separator() in info/search.c:645


Comments:

This file was generated by afl-fuzz and then hand-edited; I don'tunderstand how it creates a heap buffer overflow.


Sincerely,

Nathaniel Beaver

P.S. Version information:

$ git describe --tags
texinfo-6.6-794-ga11612ff66
$ git rev-parse HEAD
a11612ff665391142fc8adb90796741cabb3b683
$ info/ginfo --version | head -n 1
info (GNU texinfo) 6.7.90

address-sanitizer.txt
Description: Text document

original.info
Description: application/info

reproduce_bug.info
Description: application/info

[Prev in Thread]

Current Thread

[Next in Thread]

AddressSanitizer reports a heap buffer overflow from skip_node_separator() on malformed info file, Nathaniel Beaver <=

Prev by Date: Re: how to skip default css format lines in html output
Next by Date: Re: how to skip default css format lines in html output
Previous by thread: Re: AddressSanitizer reports a heap buffer overflow from scan_node_contents() on malformed info file
Next by thread: "make distclean" doesn't remove Gnulib header(s)
Index(es):
- Date
- Thread