On 21 January 2017 at 17:03, Hanno Böck <[email protected]> wrote:
> Hi,
>
> The attached file causes an out of bounds memory read in texinfo (test
> with ginfo -f [file] -o -). This was found with the fuzzing tool
> american fuzzy lop.
> You need a memory safety tool like address sanitizer
> (-fsanitize=address in CFLAGS) to see this bug.
>
> Here's a stack trace from address sanitizer:
>
> ==31399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200004bb4f at pc 0x00000055180f bp 0x7ffd8696cf80 sp 0x7ffd8696cf78
> READ of size 1 at 0x60200004bb4f thread T0
>     #0 0x55180e in find_node_separator /f/texinfo/trunk/info/search.c:473:11
>     #1 0x55180e in find_file_section /f/texinfo/trunk/info/search.c:551
>     #2 0x544ba6 in build_tags_and_nodes /f/texinfo/trunk/info/nodes.c:90:20
>     #3 0x549402 in info_load_file /f/texinfo/trunk/info/nodes.c:755:5
>     #4 0x548c0d in info_find_file /f/texinfo/trunk/info/nodes.c:665:17
>     #5 0x54a533 in info_get_node_with_defaults /f/texinfo/trunk/info/nodes.c:988:19
>     #6 0x56de02 in dump_node_to_stream /f/texinfo/trunk/info/session.c:3764:10
>     #7 0x56dad2 in dump_nodes_to_file /f/texinfo/trunk/info/session.c:3727:11
>     #8 0x531e19 in main /f/texinfo/trunk/info/info.c:1073:7
>     #9 0x7fd420ae678f in __libc_start_main (/lib64/libc.so.6+0x2078f)
>     #10 0x41a598 in _start (/old-ram1/texinfo/ginfo+0x41a598)

Thanks, I've committed a fix.
