Certainly, see attached.
On 5/25/20 3:37 PM, Gavin Smith wrote:
On Mon, May 25, 2020 at 01:42:10PM -0400, Nathaniel Beaver wrote:
Steps to reproduce:
$ info -f ./bug_sigabrt.info
gconv.c:73: __gconv: Assertion `outbuf != NULL && *outbuf != NULL' failed.
Aborted (core dumped)
Expected behavior:
info shows an error and exits cleanly.
Actual behavior:
info exits with SIGABRT
Discussion:
This file was generated by afl-fuzz and then hand-edited. I do not claim to
understand how it triggers the bug in texinfo.
Thanks for testing this.
I'll take a look at it some time as well as your other report, but I
wonder if it is possible for you to compile with -O0 to avoid the
backtrace having many values which are "optimized out."
Thread 1 (process 29241):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
set = {__val = {0, 93824994901296, 93824994832720, 140737346020832,
140737415839744, 93824994901296, 93824994901296, 93824994901296,
93824994901296, 93824994901378, 93824994901396, 93824994901296, 93824994901396,
0, 0, 0}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007ffff77fa801 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x5555557dfd30, sa_sigaction
= 0x5555557dfd30}, sa_mask = {__val = {0, 140737349573696, 0, 0, 0,
140737488343800, 0, 140737488343632, 140737347277264, 21474836480,
140737347262424, 0, 15733543727099189248, 140737347247380, 0,
140737347262424}}, sa_flags = -141109203, sa_restorer = 0x7ffff7971578}
sigs = {__val = {32, 0 <repeats 15 times>}}
__cnt = <optimized out>
__set = <optimized out>
__cnt = <optimized out>
__set = <optimized out>
#2 0x00007ffff77ea39a in __assert_fail_base (fmt=0x7ffff79717d8 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff7971578
"outbuf != NULL && *outbuf != NULL", file=file@entry=0x7ffff796d82d "gconv.c",
line=line@entry=73, function=function@entry=0x7ffff79715a0
<__PRETTY_FUNCTION__.8896> "__gconv") at assert.c:92
str = 0x5555557dfd30 ""
total = 4096
#3 0x00007ffff77ea412 in __GI___assert_fail
(assertion=assertion@entry=0x7ffff7971578 "outbuf != NULL && *outbuf != NULL",
file=file@entry=0x7ffff796d82d "gconv.c", line=line@entry=73,
function=function@entry=0x7ffff79715a0 <__PRETTY_FUNCTION__.8896> "__gconv") at
assert.c:101
No locals.
#4 0x00007ffff77dcc75 in __gconv (cd=0x5555557cf150,
inbuf=inbuf@entry=0x5555557ad8d0 <inptr>, inbufend=0x5555557ce558 "File:
example.info, Node: Top, Next: First Chapter, Up: (dir)\n\nGNU
Sample\n**********\n\nThis manual is for GNU Sample (version 1.0, 01 January
1970).\n\n* Menu:\n\n* First Chapter:: The first chapter "...,
outbuf=outbuf@entry=0x7fffffffd498, outbufend=<optimized out>,
irreversible=irreversible@entry=0x7fffffffd420) at gconv.c:73
last_start = <optimized out>
last_step = 1
result = <optimized out>
__PRETTY_FUNCTION__ = "__gconv"
fct = 0x7ffff77e22f0 <__gconv_transform_utf8_internal>
#5 0x00007ffff77dc3e6 in iconv (cd=<optimized out>, inbuf=0x5555557ad8d0
<inptr>, inbytesleft=0x7fffffffd4e0, outbuf=0x7fffffffd498,
outbytesleft=0x7fffffffd490) at iconv.c:52
instart = 0x5555557ce558 "File: example.info, Node: Top, Next: First
Chapter, Up: (dir)\n\nGNU Sample\n**********\n\nThis manual is for GNU Sample
(version 1.0, 01 January 1970).\n\n* Menu:\n\n* First Chapter:: The first
chapter "...
gcd = <optimized out>
outstart = <optimized out>
irreversible = <optimized out>
result = <optimized out>
__PRETTY_FUNCTION__ = "iconv"
#6 0x0000555555567060 in text_buffer_iconv (buf=0x5555557ae5f0 <output_buf>,
iconv_state=0x5555557cf150, inbuf=0x5555557ad8d0 <inptr>,
inbytesleft=0x7fffffffd4e0) at info-utils.c:1957
out_bytes_left = 0
outptr = 0x0
iconv_ret = 0
#7 0x0000555555565089 in copy_converting (n=0) at info-utils.c:838
bytes_left = 0
orig_bytes_left = 0
extra_at_end = 0
iconv_ret = 140737488344432
output_start = 0
utf8_char_free = 15733543727099189248
utf8_char = "\000\000\000"
utf8_char_ptr = 0x7fffffffd520 ""
orig_inptr = 0x7fffffffd9e0 "\003"
i = 6
#8 0x0000555555565446 in copy_input_to_output (n=151) at info-utils.c:1012
bytes_to_convert = 0
extra_written = 93824994829807
bytes_left = 151
#9 0x0000555555566669 in scan_node_contents (node=0x5555557cf000,
fb=0x5555557ce8d0, tag_ptr=0x5555557cead0) at info-utils.c:1660
in_parentheses = 0
entry = 0x7fffffffd610
in_menu = 0
match = 0x5555557ce5ef "\n* Menu:\n\n* First Chapter:: The first
chapter is the\n", ' ' <repeats 22 times>, "only chapter in this sample.\n*
Index::", ' ' <repeats 12 times>, "Complete index.\n\n\037\nFile: example.info,
Node: First Chapter, Next: Inde"...
refs = 0x5555557df250
refs_index = 0
refs_slots = 1
in_index = 0
#10 0x0000555555572532 in info_node_of_tag_ext (fb=0x5555557ce8d0,
tag_ptr=0x5555557cead0, fast=0) at nodes.c:1284
tag = 0x5555557cea30
node = 0x5555557cf000
is_anchor = 0
anchor_tag = 0x2f096a99
node_pos = 0
anchor_pos = 0
parent = 0x5555557ce8d0
subfile = 0x5555557ce8d0
#11 0x00005555555726ba in info_node_of_tag (fb=0x5555557ce8d0,
tag_ptr=0x5555557cead0) at nodes.c:1324
No locals.
#12 0x0000555555571e8f in info_get_node_of_file_buffer
(file_buffer=0x5555557ce8d0, nodename=0x5555557cdf30 "Top") at nodes.c:1069
tag = 0x5555557cea30
i = 0
node = 0x0
#13 0x0000555555571c38 in info_get_node_with_defaults
(filename_in=0x5555557cb490 "././bug_sigabrt.info", nodename_in=0x5555557cb620
"Top", defaults=0x0) at nodes.c:991
node = 0x0
file_buffer = 0x5555557ce8d0
filename = 0x5555557b3930 "././bug_sigabrt.info"
nodename = 0x5555557cdf30 "Top"
#14 0x00005555555774ac in info_select_reference (window=0x5555557cbcd0,
entry=0x5555557cb410) at session.c:2063
node = 0x5555557ada30 <txtresult>
file_system_error = 0x0
filename = 0x5555557cb490 "././bug_sigabrt.info"
nodename = 0x5555557cb620 "Top"
label = 0x0
line_number = 0
#15 0x0000555555573e81 in begin_multiple_window_info_session
(references=0x5555557cb5f0, error=0x0) at session.c:123
i = 0
window = 0x5555557cbcd0
#16 0x000055555557408f in info_session (ref_list=0x5555557cb5f0,
user_filename=0x0, error=0x0) at session.c:211
No locals.
#17 0x00005555555696a6 in main (argc=0, argv=0x7fffffffda00) at info.c:1079
getopt_long_index = 32767
init_file = 0x0
error = 0x0
