Steps to reproduce:
$ info -f ./bug_sigabrt.info
gconv.c:73: __gconv: Assertion `outbuf != NULL && *outbuf != NULL' failed.
Aborted (core dumped)
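Expected behavior: info shows an error and exits cleanly.
Actual behavior: info exits with SIGABRT.
Discussion: This file was generated by afl-fuzz and then hand-edited. I do not claim to understand how it triggers the bug in texinfo. The backtrace below does show the proximate cause: in frame #6 (text_buffer_iconv, info-utils.c:1957) the locals are outptr = 0x0 and out_bytes_left = 0, so iconv appears to be called with a NULL output pointer, which is the condition the glibc assertion rejects.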
Version:
$ git describe --tags
texinfo-6.6-364-g63711e8c6
$ git rev-parse HEAD
63711e8c6fafe9b3cde2a2d0be507032d7ee7bf6

Sincerely,
Nathaniel Beaver
bug_sigabrt.info.gz
Description: application/gzip
Thread 1 (process 22509):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
set = {__val = {0, 93824994843952, 93824994775376, 140737346020832,
140737415839744, 93824994843952, 93824994843952, 93824994843952,
93824994843952, 93824994844034, 93824994844052, 93824994843952, 93824994844052,
0, 0, 0}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007ffff77fa801 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x5555557d1d30, sa_sigaction
= 0x5555557d1d30}, sa_mask = {__val = {0, 140737349573696, 0, 0, 0,
140737488344072, 0, 140737488343904, 140737347277264, 21474836480,
140737347262424, 0, 3348048073938298624, 140737347247380, 0, 140737347262424}},
sa_flags = -141109203, sa_restorer = 0x7ffff7971578}
sigs = {__val = {32, 0 <repeats 15 times>}}
__cnt = <optimized out>
__set = <optimized out>
__cnt = <optimized out>
__set = <optimized out>
#2 0x00007ffff77ea39a in __assert_fail_base (fmt=0x7ffff79717d8 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff7971578
"outbuf != NULL && *outbuf != NULL", file=file@entry=0x7ffff796d82d "gconv.c",
line=line@entry=73, function=function@entry=0x7ffff79715a0
<__PRETTY_FUNCTION__.8896> "__gconv") at assert.c:92
str = 0x5555557d1d30 ""
total = 4096
#3 0x00007ffff77ea412 in __GI___assert_fail
(assertion=assertion@entry=0x7ffff7971578 "outbuf != NULL && *outbuf != NULL",
file=file@entry=0x7ffff796d82d "gconv.c", line=line@entry=73,
function=function@entry=0x7ffff79715a0 <__PRETTY_FUNCTION__.8896> "__gconv") at
assert.c:101
No locals.
#4 0x00007ffff77dcc75 in __gconv (cd=0x5555557c1150,
inbuf=inbuf@entry=0x55555579f1e0 <inptr>, inbufend=0x5555557c0558 "File:
example.info, Node: Top, Next: First Chapter, Up: (dir)\n\nGNU
Sample\n**********\n\nThis manual is for GNU Sample (version 1.0, 01 January
1970).\n\n* Menu:\n\n* First Chapter:: The first chapter "...,
outbuf=outbuf@entry=0x7fffffffd590, outbufend=<optimized out>,
irreversible=irreversible@entry=0x7fffffffd530) at gconv.c:73
last_start = <optimized out>
last_step = 1
result = <optimized out>
__PRETTY_FUNCTION__ = "__gconv"
fct = 0x7ffff77e22f0 <__gconv_transform_utf8_internal>
#5 0x00007ffff77dc3e6 in iconv (cd=<optimized out>,
inbuf=inbuf@entry=0x55555579f1e0 <inptr>,
inbytesleft=inbytesleft@entry=0x7fffffffd5f0,
outbuf=outbuf@entry=0x7fffffffd590,
outbytesleft=outbytesleft@entry=0x7fffffffd588) at iconv.c:52
instart = 0x5555557c0558 "File: example.info, Node: Top, Next: First
Chapter, Up: (dir)\n\nGNU Sample\n**********\n\nThis manual is for GNU Sample
(version 1.0, 01 January 1970).\n\n* Menu:\n\n* First Chapter:: The first
chapter "...
gcd = <optimized out>
outstart = <optimized out>
irreversible = <optimized out>
result = <optimized out>
__PRETTY_FUNCTION__ = "iconv"
#6 0x0000555555565c0b in text_buffer_iconv (buf=buf@entry=0x55555579feb0
<output_buf>, iconv_state=<optimized out>, inbuf=inbuf@entry=0x55555579f1e0
<inptr>, inbytesleft=inbytesleft@entry=0x7fffffffd5f0) at info-utils.c:1957
out_bytes_left = 0
outptr = 0x0
iconv_ret = <optimized out>
#7 0x0000555555565ebc in copy_converting (n=0) at info-utils.c:838
utf8_char_ptr = 0x5555557c1048 "p\022}UUU"
orig_bytes_left = <optimized out>
extra_at_end = 0
output_start = 0
utf8_char = "UU\000"
orig_inptr = <optimized out>
bytes_left = 0
iconv_ret = <optimized out>
utf8_char_free = 140737488344768
i = 93824994773712
bytes_left = <optimized out>
orig_bytes_left = <optimized out>
extra_at_end = <optimized out>
iconv_ret = <optimized out>
output_start = <optimized out>
utf8_char_free = <optimized out>
utf8_char = <optimized out>
utf8_char_ptr = <optimized out>
orig_inptr = <optimized out>
i = <optimized out>
#8 copy_input_to_output (n=n@entry=151) at info-utils.c:1012
bytes_to_convert = 0
extra_written = <optimized out>
bytes_left = <optimized out>
#9 0x0000555555566c1b in copy_input_to_output (n=151) at info-utils.c:1660
bytes_left = <optimized out>
bytes_to_convert = <optimized out>
extra_written = <optimized out>
first_anchor = <optimized out>
#10 scan_node_contents (node=node@entry=0x5555557c1000,
fb=fb@entry=0x5555557c08d0, tag_ptr=tag_ptr@entry=0x5555557c0ad0) at
info-utils.c:1660
in_parentheses = 0
entry = <optimized out>
in_menu = 0
match = <optimized out>
refs = 0x5555557d1250
refs_index = 0
refs_slots = 1
in_index = 0
#11 0x000055555556e3ee in info_node_of_tag_ext (fb=0x5555557c08d0,
tag_ptr=0x5555557c0ad0, fast=<optimized out>) at nodes.c:1284
tag = 0x5555557c0a30
node = 0x5555557c1000
is_anchor = 0
anchor_tag = <optimized out>
node_pos = <optimized out>
anchor_pos = <optimized out>
parent = 0x5555557c08d0
subfile = 0x5555557c08d0
#12 0x000055555556e725 in info_get_node_with_defaults (filename_in=<optimized
out>, nodename_in=nodename_in@entry=0x5555557bd620 "Top", defaults=<optimized
out>) at nodes.c:991
node = 0x0
file_buffer = 0x5555557c08d0
filename = 0x5555557a5930 "././bug_sigabrt.info"
nodename = 0x5555557bff30 "Top"
#13 0x0000555555573e1c in info_select_reference
(window=window@entry=0x5555557bdcd0, entry=<optimized out>) at session.c:2063
node = <optimized out>
file_system_error = 0x0
filename = <optimized out>
nodename = 0x5555557bd620 "Top"
label = 0x0
line_number = 0
#14 0x0000555555578171 in begin_multiple_window_info_session (error=<optimized
out>, references=<optimized out>) at session.c:123
i = <optimized out>
window = 0x5555557bdcd0
i = <optimized out>
window = <optimized out>
win = <optimized out>
largest = <optimized out>
max_height = <optimized out>
#15 info_session (ref_list=<optimized out>, user_filename=0x0, error=<optimized
out>) at session.c:211
No locals.
#16 0x000055555555c76f in main (argc=<optimized out>, argv=<optimized out>) at
info.c:1079
getopt_long_index = -9960
init_file = <optimized out>
error = 0x0
quit
