Infinite recursion on ENOMEM in g_vasprintf()
While fuzzing out-of-memory handling, I discovered that this part of g_vasprintf causes infinite recursion, because g_error (a.k.a. g_log) eventually calls back into g_vasprintf:
if (saved_errno == ENOMEM)
g_error ("%s: failed to allocate memory", G_STRLOC);
This eventually leads to a SIGSEGV when the stack overflows.
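The re-entrancy loop described above, reduced to a self-contained C model. This is an added example, not GLib's code: `naive_vasprintf`/`naive_fatal` are hypothetical stand-ins for g_vasprintf and g_error, `safe_fatal_oom` is a hypothetical hardened reporter, the allocation failure is injected by a constructed flag, and the recursion is capped at a demo depth so the program returns instead of crashing.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed fault injection: while nonzero, every allocation fails with ENOMEM. */
static int inject_oom = 0;

/* Demo-only cap so the buggy path returns instead of overflowing the stack. */
#define MAX_DEMO_DEPTH 32
static int naive_depth = 0, naive_max_depth_seen = 0, fatal_events = 0;

static void *demo_malloc(size_t n)
{
    if (inject_oom) { errno = ENOMEM; return NULL; }
    return malloc(n);
}

/* Shared core: measure, allocate, format. Returns length, or -1 with errno set. */
static int format_alloc(char **out, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int len = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    *out = NULL;
    if (len < 0) return -1;
    char *buf = demo_malloc((size_t)len + 1);
    if (buf == NULL) { errno = ENOMEM; return -1; }
    vsnprintf(buf, (size_t)len + 1, fmt, ap);
    *out = buf;
    return len;
}

static void naive_fatal(const char *fmt, ...);

/* Buggy pattern (stand-in for g_vasprintf): on ENOMEM it reports through a
 * formatting logger, which calls right back into this function. */
static int naive_vasprintf(char **out, const char *fmt, va_list ap)
{
    int len = format_alloc(out, fmt, ap);
    if (len < 0 && errno == ENOMEM)
        naive_fatal("%s: failed to allocate memory", "demo.c:42"); /* constructed location */
    return len;
}

/* Stand-in for g_error/g_log: formats its message with naive_vasprintf. */
static void naive_fatal(const char *fmt, ...)
{
    if (++naive_depth > naive_max_depth_seen) naive_max_depth_seen = naive_depth;
    if (naive_depth >= MAX_DEMO_DEPTH) { naive_depth--; return; } /* demo cap, not a fix */
    char *msg = NULL;
    va_list ap;
    va_start(ap, fmt);
    naive_vasprintf(&msg, fmt, ap); /* re-enters the function that just failed */
    va_end(ap);
    free(msg);
    naive_depth--;
}

static void emit(const char *s) { ssize_t r = write(STDERR_FILENO, s, strlen(s)); (void)r; }

/* Hardened reporter: fixed strings only, no formatting and no allocation, so it
 * cannot re-enter the allocator or the formatter. A real one would abort() here. */
static void safe_fatal_oom(const char *loc)
{
    emit(loc);
    emit(": failed to allocate memory\n");
    fatal_events++;
}

static int safe_vasprintf(char **out, const char *fmt, va_list ap)
{
    int len = format_alloc(out, fmt, ap);
    if (len < 0 && errno == ENOMEM)
        safe_fatal_oom("demo.c:42"); /* constructed location */
    return len;
}

typedef int (*vasprintf_fn)(char **, const char *, va_list);

static int call_with(vasprintf_fn fn, char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = fn(out, fmt, ap);
    va_end(ap);
    return len;
}

/* Depth the buggy path reaches under injected OOM: it climbs until the demo cap. */
int naive_recursion_depth_under_oom(void)
{
    char *s = NULL;
    inject_oom = 1; naive_depth = 0; naive_max_depth_seen = 0;
    call_with(naive_vasprintf, &s, "value=%d", 7);
    inject_oom = 0;
    free(s);
    return naive_max_depth_seen;
}

/* Number of fatal reports the hardened path produces under injected OOM: exactly one. */
int safe_fatal_events_under_oom(void)
{
    char *s = NULL;
    inject_oom = 1; fatal_events = 0;
    int len = call_with(safe_vasprintf, &s, "value=%d", 7);
    inject_oom = 0;
    free(s);
    return len < 0 ? fatal_events : -1;
}

/* With memory available the hardened path still formats normally. */
int safe_format_ok(void)
{
    char *s = NULL;
    int len = call_with(safe_vasprintf, &s, "value=%d", 7);
    int ok = (len == 7 && s != NULL && strcmp(s, "value=7") == 0);
    free(s);
    return ok;
}
```

The design point is that a fatal out-of-memory path must not depend on anything that can itself need memory or re-enter the failing formatter: write pre-built strings with a raw syscall and then terminate. Without the demo cap the naive variant recurses until the guard page is hit, which is the SIGSEGV seen in the report.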
Stack trace:
#0 0x00007fc415536466 n/a (libc.so.6 + 0x7b466)
#1 0x00007fc415997de3 g_vasprintf (libglib-2.0.so.0 + 0xa5de3)
#2 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#3 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#4 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#5 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#6 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#7 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#8 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#9 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#10 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#11 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#12 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#13 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#14 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#15 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#16 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#17 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#18 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#19 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#20 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#21 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#22 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#23 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#24 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#25 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#26 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#27 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#28 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#29 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#30 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#31 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#32 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#33 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#34 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#35 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#36 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#37 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#38 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#39 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#40 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#41 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#42 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#43 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#44 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#45 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#46 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#47 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#48 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#49 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#50 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#51 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#52 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#53 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#54 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#55 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#56 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#57 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#58 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#59 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
#60 0x00007fc41594f994 g_log (libglib-2.0.so.0 + 0x5d994)
#61 0x00007fc415997e63 g_vasprintf (libglib-2.0.so.0 + 0xa5e63)
#62 0x00007fc4159683e2 g_strdup_vprintf (libglib-2.0.so.0 + 0x763e2)
#63 0x00007fc41594f519 g_logv (libglib-2.0.so.0 + 0x5d519)
Edited by John Lindgren