info command segmentation fault

[Ivan Pacheco]

Hi. Just by curiosity I found a segfault inside the command info. If used well it can be a serious vulnerability.

Command:

$ info -k l

Details:

$ gdb --args info -k l
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from info...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/info -k l

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff784b2bb in malloc_consolidate () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff784b2bb in malloc_consolidate () from /usr/lib/libc.so.6
#1  0x00007ffff784c64d in _int_malloc () from /usr/lib/libc.so.6
#2  0x00007ffff784de05 in _int_realloc () from /usr/lib/libc.so.6
#3  0x00007ffff784f0f0 in realloc () from /usr/lib/libc.so.6
#4  0x00000000004230e6 in ?? ()
#5  0x0000000000408f97 in ?? ()
#6  0x0000000000409200 in ?? ()
#7  0x000000000040346a in ?? ()
#8  0x00007ffff77f4790 in __libc_start_main () from /usr/lib/libc.so.6
#9  0x00000000004034f1 in ?? ()

Possible hypothesis:
This segfault can be caused because there are too many results for the search so it dumps. Using only one letter as search pattern is enough to segfault it.

Possible patches:
1. Increase search size.
2. Catch the exception checking for an inevitable dump so the program doesn't segfault.