HTMLlineproc0 infinite recursion #36

Closed
kcwu opened this issue Nov 7, 2016 · 1 comment

@kcwu (Contributor) commented Nov 7, 2016

Input:

00000000: 3c74 6162 6c65 3e30 3c6e 6f62 722f 3c3e  <table>0<nobr/<>
00000010: 303c 786d 703e 3c74 6162 6c65 3e30 3030  0<xmp><table>000
00000020: 3030 3030 3030 303c 696e 7075 745f 616c  0000000<input_al
00000030: 7420 626f 7474 6f6d 5f6d 6172 6769 6e3d  t bottom_margin=
00000040: 3930 3030 3030 3e30 3030 3030 3030 3030  900000>000000000
00000050: 3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
00000060: 3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
00000070: 3030 3030 3030 3030 3030 3030 3030 3030  0000000000000000
00000080: 3030 3030 3030 3030 3030 3030 30         0000000000000

gdb --args w3m -T text/html -dump file

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78800fe in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
(gdb) bt 50
#0  0x00007ffff78800fe in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#1  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#2  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#3  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#4  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#5  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#6  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#7  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#8  0x00007ffff7880116 in GC_clear_stack_inner () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#9  0x00007ffff787cdcc in GC_generic_malloc_many () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#10 0x00007ffff7885b89 in GC_malloc_atomic () from /usr/lib/x86_64-linux-gnu/libgc.so.1
#11 0x0000000000479fa7 in Strgrow (x=0xc37380) at Str.c:239
#12 0x0000000000439530 in read_token (buf=0xc37380, instr=0x7fffff802c98, status=0x7fffffffb624, pre=0, append=0) at etc.c:825
#13 0x000000000042b583 in HTMLlineproc0 (line=0xc365a0 '0' <repeats 70 times>, h_env=0x7fffffffb420, internal=1) at file.c:6359
#14 0x000000000042c363 in HTMLlineproc0 (line=0xc36046 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#15 0x000000000042c363 in HTMLlineproc0 (line=0xc368b6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#16 0x000000000042c363 in HTMLlineproc0 (line=0xc35c26 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#17 0x000000000042c363 in HTMLlineproc0 (line=0xc36d66 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#18 0x000000000042c363 in HTMLlineproc0 (line=0xc36a96 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#19 0x000000000042c363 in HTMLlineproc0 (line=0xc367c6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#20 0x000000000042c363 in HTMLlineproc0 (line=0xc364f6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#21 0x000000000042c363 in HTMLlineproc0 (line=0xc36226 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#22 0x000000000042c363 in HTMLlineproc0 (line=0xc36096 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#23 0x000000000042c363 in HTMLlineproc0 (line=0xc36186 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#24 0x000000000042c363 in HTMLlineproc0 (line=0xc36276 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#25 0x000000000042c363 in HTMLlineproc0 (line=0xc36366 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#26 0x000000000042c363 in HTMLlineproc0 (line=0xc36456 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#27 0x000000000042c363 in HTMLlineproc0 (line=0xc36546 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#28 0x000000000042c363 in HTMLlineproc0 (line=0xc36636 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#29 0x000000000042c363 in HTMLlineproc0 (line=0xc36726 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#30 0x000000000042c363 in HTMLlineproc0 (line=0xc36816 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#31 0x000000000042c363 in HTMLlineproc0 (line=0xc36906 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#32 0x000000000042c363 in HTMLlineproc0 (line=0xc369f6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#33 0x000000000042c363 in HTMLlineproc0 (line=0xc36ae6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#34 0x000000000042c363 in HTMLlineproc0 (line=0xc36bd6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#35 0x000000000042c363 in HTMLlineproc0 (line=0xc36cc6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#36 0x000000000042c363 in HTMLlineproc0 (line=0xc36db6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#37 0x000000000042c363 in HTMLlineproc0 (line=0xc36ea6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#38 0x000000000042c363 in HTMLlineproc0 (line=0xc36f96 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#39 0x000000000042c363 in HTMLlineproc0 (line=0xc353b6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#40 0x000000000042c363 in HTMLlineproc0 (line=0xc35686 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#41 0x000000000042c363 in HTMLlineproc0 (line=0xc35ef6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#42 0x000000000042c363 in HTMLlineproc0 (line=0xc35e06 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#43 0x000000000042c363 in HTMLlineproc0 (line=0xc35b36 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#44 0x000000000042c363 in HTMLlineproc0 (line=0xc35866 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#45 0x000000000042c363 in HTMLlineproc0 (line=0xc35596 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#46 0x000000000042c363 in HTMLlineproc0 (line=0xc352c6 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#47 0x000000000042c363 in HTMLlineproc0 (line=0xc35046 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#48 0x000000000042c363 in HTMLlineproc0 (line=0xc35136 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
#49 0x000000000042c363 in HTMLlineproc0 (line=0xc35226 "", h_env=0x7fffffffb420, internal=1) at file.c:6615
(More stack frames follow...)

Found by afl-fuzz.
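A reproduction harness for this report, added here as an example and not part of the issue or of the w3m project. The trace above shows HTMLlineproc0 re-entering itself at file.c:6615 until the stack is exhausted; the fault surfaces inside libgc's GC_clear__stack_inner only because that is the first code to touch the exhausted stack during the allocation in Strgrow. The script rebuilds the 141-byte input from the hexdump (it is pure ASCII, so printf suffices) and runs w3m on it under a reduced stack limit so that a recursion-depth bug faults quickly regardless of the host's default stack size. The file name, the 256 KB stack limit and the function names are assumptions; the run step is skipped when w3m is not installed.

```shell
#!/bin/sh
# Added reproduction harness for the HTMLlineproc0 recursion crash reported in this issue.
# Not part of w3m or of the issue; names and the stack limit below are assumptions.

# Rebuild the input from the hexdump in the report. Layout: <table>0<nobr/<>0<xmp><table>,
# 10 zeros, <input_alt bottom_margin=900000>, then 70 zeros (the "'0' <repeats 70 times>"
# visible in frame #13 of the backtrace). No trailing newline: 141 bytes total.
write_poc() {
    out="$1"
    zeros10=$(printf '%010d' 0)   # ten '0' characters
    zeros70=$(printf '%070d' 0)   # seventy '0' characters
    printf '<table>0<nobr/<>0<xmp><table>%s<input_alt bottom_margin=900000>%s' \
        "$zeros10" "$zeros70" > "$out"
}

# Byte length of a file; strips the padding some wc implementations print.
poc_size() {
    wc -c < "$1" | tr -d ' '
}

# Run w3m in dump mode (same invocation as the report) in a subshell with a small stack,
# so unbounded recursion reaches the guard page quickly. Prints the child's exit status:
# 139 means it died with SIGSEGV; a build with the fix should exit 0 and print the dump.
run_w3m() {
    poc="$1"
    if ! command -v w3m >/dev/null 2>&1; then
        echo "w3m not installed; skipping run" >&2
        return 0
    fi
    ( ulimit -s 256; w3m -T text/html -dump "$poc" >/dev/null 2>&1 )
    echo "w3m exit status: $?"
}
```

Usage: source the script, then `write_poc poc.html; run_w3m poc.html`. To confirm that the fault is the recursion and not something unrelated, run once with the reduced limit and once at the default stack size: per the report both crash, the default one simply after many more HTMLlineproc0 frames, as the `bt 50` output shows.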

tats added a commit that referenced this issue Nov 7, 2016

@tats (Owner) commented Nov 7, 2016

Fixed, thank you.
