Hello,
We are developing a new fuzzer, and it found new assertion bug in the latest pspp executable.
Command Input
pspp poc_file -b --syntax- =
poc_file is attached.
Output
...
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.4: error: VECTOR: Bad character `\' in input.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.5: error: VECTOR: Bad character U+0010 in input.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.5: error: VECTOR: Bad character U+0000 in input.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.5: error: VECTOR: Bad character U+0000 in input.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.5: error: VECTOR: Bad character U+0000 in input.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:19.23: error: VECTOR: Syntax error expecting `=' or `('.
19 | vec\
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:21.5: error: NUMERIC: Bad character U+007F in input.
21 | nume�c
n
| ^
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:21.5-21.6: error: NUMERIC: Bad character U+FFFD in input.
21 | nume�c
n
| ^~
/home/youngseok/data/230327/asan_inter_30_30_shrink5_1_230308/pspp/5_id:000718/poc_file:21.7: error: NUMERIC: Bad character U+007F in input.
21 | nume�c
n
| ^
pspp: src/data/dictionary.c:813: dict_create_var_assert: Assertion `dict_lookup_var (d, name) == NULL' failed.
Stack Trace
#0 0x00007ffff56cae87 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff56cc7f1 in __GI_abort () at abort.c:79
#2 0x00007ffff56bc3fa in __assert_fail_base (fmt=0x7ffff58436c0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff66ee9c0 "dict_lookup_var (d, name) == NULL", file=file@entry=0x7ffff66ee780 "src/data/dictionary.c", line=line@entry=813, function=function@entry=0x7ffff66ef3e0 <__PRETTY_FUNCTION__.11927> "dict_create_var_assert") at assert.c:92
#3 0x00007ffff56bc472 in __GI___assert_fail (assertion=0x7ffff66ee9c0 "dict_lookup_var (d, name) == NULL", file=0x7ffff66ee780 "src/data/dictionary.c", line=813, function=0x7ffff66ef3e0 <__PRETTY_FUNCTION__.11927> "dict_create_var_assert") at assert.c:101
#4 0x00007ffff6580944 in dict_create_var_assert (d=0x612000002440, name=0x602000021dd0 "li11", width=0) at src/data/dictionary.c:813
#5 0x00007ffff6aca7f8 in cmd_vector (lexer=0x6040000007d0, ds=0x612000000040) at src/language/commands/vector.c:204
#6 0x00007ffff690d362 in do_parse_command (lexer=0x6040000007d0, ds=0x612000000040, state=CMD_STATE_DATA) at src/language/command.c:243
#7 0x00007ffff690cd0a in cmd_parse_in_state (lexer=0x6040000007d0, ds=0x612000000040, state=CMD_STATE_DATA) at src/language/command.c:149
#8 0x00007ffff690cdda in cmd_parse (lexer=0x6040000007d0, ds=0x612000000040) at src/language/command.c:164
#9 0x0000555555559e7b in main (argc=5, argv=0x7fffffffe018) at src/ui/terminal/main.c:139
Environment
OS: Ubuntu 18.04
gcc: 7.5.0
pspp: 1.6.2 (master branch - git commit id eb1521cd226e0b8cafab7c72d860b21eda71662)
Note that pspp is built with address sanitizer and several options:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --prefix=`pwd`/install_main --without-perl-module --without-gui
Thank you.
Youngseok Choi
poc_file