[bison crash] Segmentation fault at quotearg_buffer_restyled
From: Ahcheong Lee
Subject: [bison crash] Segmentation fault at quotearg_buffer_restyled
Date: Fri, 6 Mar 2020 14:49:21 +0900
Hello, this is Ahcheong Lee
I'm currently working on a new fuzzing technique, and I found some crashes
in GNU bison 3.5.2.
For ease of maintenance, I'll send the crashes one by one, by email.
I've found there was a similar crash report on bison 3.3 (link:
<https://lists.gnu.org/archive/html/bug-bison/2019-03/msg00008.html>);
the crash was fixed, but it seems it has appeared again.
There was a segmentation fault in quotearg_buffer_restyled,
lib/quotearg.c:400.
You can reproduce it with the following command:
./bison <attached file>
This is the call stack info:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000462dd5 in quotearg_buffer_restyled (buffer=0x69cb90
"debugger11/id:000015", buffersize=21, arg=0x0,
argsize=18446744073709551615,
quoting_style=escape_quoting_style, flags=1,
quote_these_too=0x7fffffffa948, left_quote=0x0, right_quote=0x0) at
lib/quotearg.c:400
400 for (i = 0; ! (argsize == SIZE_MAX ? arg[i] == '\0' : i ==
argsize); i++)
(gdb) bt
#0 0x0000000000462dd5 in quotearg_buffer_restyled (buffer=0x69cb90
"debugger11/id:000015", buffersize=21, arg=0x0,
argsize=18446744073709551615,
quoting_style=escape_quoting_style, flags=1,
quote_these_too=0x7fffffffa948, left_quote=0x0, right_quote=0x0) at
lib/quotearg.c:400
#1 0x0000000000463402 in quotearg_n_options (n=3, arg=0x0,
argsize=18446744073709551615, options=0x7fffffffa940) at lib/quotearg.c:907
#2 0x00000000004635cd in quotearg_n_style (n=3, s=escape_quoting_style,
arg=0x0) at lib/quotearg.c:958
#3 0x00000000004162e5 in location_print (loc=..., out=0x7ffff7dd2540
<_IO_2_1_stderr_>) at src/location.c:179
#4 0x00000000004076b8 in error_message (loc=0x692a88,
indent=0x7fffffffabbc, flags=Wother, sever=severity_warning,
message=0x47881d "previous declaration", args=0x7fffffffaac0) at
src/complain.c:430
#5 0x0000000000407987 in complains (loc=0x692a88, indent=0x7fffffffabbc,
flags=Wother, message=0x47881d "previous declaration", args=0x7fffffffaac0)
at src/complain.c:488
#6 0x0000000000407b40 in complain_indent (loc=0x692a88, flags=Wother,
indent=0x7fffffffabbc, message=0x47881d "previous declaration")
at src/complain.c:510
#7 0x000000000044d1ce in symbol_class_set (sym=0x692a80, class=token_sym,
loc=..., declaring=true) at src/symtab.c:552
#8 0x000000000042eee2 in gram_parse () at src/parse-gram.y:538
#9 0x0000000000436978 in reader (gram=0x691bb0 "debugger11/id:000015") at
src/reader.c:716
#10 0x0000000000417e3d in main (argc=2, argv=0x7fffffffe378) at
src/main.c:104
Thank you,
Ahcheong Lee
---------------------------------------------
Ahcheong Lee, Master's student
School of Computing, KAIST
Room# 2438, E3-1, KAIST
373-1 Guseong-dong, Yuseong-gu
Daejeon, South Korea 34141
Phone : 010-7350-3811
------------------------------------------------
Attachment: bison_crash_quotearg_buffer_restyled (binary data)
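The backtrace above shows location_print handing quotearg_n_style a NULL arg with argsize = SIZE_MAX, the convention that means "read until the NUL terminator", so the loop at lib/quotearg.c:400 dereferences address 0. The following is an added illustration of that failure mode and of a caller-side guard; it is not bison's or gnulib's code, and the names quote_escape, location_to_string and the "<unknown file>" placeholder are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a quotearg-style routine (constructed for this
 * example, not gnulib's implementation). argsize == SIZE_MAX means "arg is
 * NUL-terminated", so the loop reads arg[i] until it sees '\0'; with
 * arg == NULL that is exactly the crash in the backtrace. The function
 * writes what fits into buf and returns the length the full result needs. */
static size_t quote_escape(char *buf, size_t bufsize,
                           const char *arg, size_t argsize)
{
    size_t len = 0;
    for (size_t i = 0;
         !(argsize == SIZE_MAX ? arg[i] == '\0' : i == argsize); i++) {
        unsigned char c = (unsigned char) arg[i];
        if (c == '"' || c == '\\') {          /* backslash-escape quotes */
            if (len + 1 < bufsize) buf[len] = '\\';
            len++;
        }
        if (len + 1 < bufsize) buf[len] = (char) c;
        len++;
    }
    if (bufsize) buf[len < bufsize ? len : bufsize - 1] = '\0';
    return len;
}

/* Caller-side guard: a location whose file name is unknown must never reach
 * the quoting routine as a NULL pointer. A placeholder name (constructed
 * here) is substituted before quoting. Returns the snprintf length. */
int location_to_string(char *out, size_t outsize,
                       const char *file, int line, int column)
{
    char quoted[128];
    const char *name = file ? file : "<unknown file>";
    quote_escape(quoted, sizeof quoted, name, SIZE_MAX);
    return snprintf(out, outsize, "%s:%d.%d", quoted, line, column);
}
```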