bug-bison

[bison crash] Segmentation fault at quotearg_buffer_restyled


From: Ahcheong Lee
Subject: [bison crash] Segmentation fault at quotearg_buffer_restyled
Date: Fri, 6 Mar 2020 14:49:21 +0900

Hello, this is Ahcheong Lee.
I'm currently working on a new fuzzing technique, and I found some crashes
on GNU bison 3.5.2.
For ease of maintenance, I'll send the crashes one by one by email.


I've found there was a similar crash report on bison 3.3 (link
<https://lists.gnu.org/archive/html/bug-bison/2019-03/msg00008.html>);
the crash was fixed, but it seems it has appeared again.

There was a segmentation fault in quotearg_buffer_restyled,
lib/quotearg.c:400.
You can reproduce it with the following command:
./bison <attached file>

This is the call stack info:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000462dd5 in quotearg_buffer_restyled (buffer=0x69cb90 "debugger11/id:000015", buffersize=21, arg=0x0, argsize=18446744073709551615,
    quoting_style=escape_quoting_style, flags=1, quote_these_too=0x7fffffffa948, left_quote=0x0, right_quote=0x0) at lib/quotearg.c:400
400       for (i = 0;  ! (argsize == SIZE_MAX ? arg[i] == '\0' : i == argsize);  i++)
(gdb) bt
#0  0x0000000000462dd5 in quotearg_buffer_restyled (buffer=0x69cb90 "debugger11/id:000015", buffersize=21, arg=0x0, argsize=18446744073709551615,
    quoting_style=escape_quoting_style, flags=1, quote_these_too=0x7fffffffa948, left_quote=0x0, right_quote=0x0) at lib/quotearg.c:400
#1  0x0000000000463402 in quotearg_n_options (n=3, arg=0x0, argsize=18446744073709551615, options=0x7fffffffa940) at lib/quotearg.c:907
#2  0x00000000004635cd in quotearg_n_style (n=3, s=escape_quoting_style, arg=0x0) at lib/quotearg.c:958
#3  0x00000000004162e5 in location_print (loc=..., out=0x7ffff7dd2540 <_IO_2_1_stderr_>) at src/location.c:179
#4  0x00000000004076b8 in error_message (loc=0x692a88, indent=0x7fffffffabbc, flags=Wother, sever=severity_warning,
    message=0x47881d "previous declaration", args=0x7fffffffaac0) at src/complain.c:430
#5  0x0000000000407987 in complains (loc=0x692a88, indent=0x7fffffffabbc, flags=Wother, message=0x47881d "previous declaration", args=0x7fffffffaac0)
    at src/complain.c:488
#6  0x0000000000407b40 in complain_indent (loc=0x692a88, flags=Wother, indent=0x7fffffffabbc, message=0x47881d "previous declaration")
    at src/complain.c:510
#7  0x000000000044d1ce in symbol_class_set (sym=0x692a80, class=token_sym, loc=..., declaring=true) at src/symtab.c:552
#8  0x000000000042eee2 in gram_parse () at src/parse-gram.y:538
#9  0x0000000000436978 in reader (gram=0x691bb0 "debugger11/id:000015") at src/reader.c:716
#10 0x0000000000417e3d in main (argc=2, argv=0x7fffffffe378) at src/main.c:104

Thank you,
Ahcheong Lee
---------------------------------------------
Ahcheong Lee, Master's student
School of Computing, KAIST
Room# 2438, E3-1, KAIST
373-1 Guseong-dong, Yuseong-gu
Daejeon, South Korea 34141
Phone : 010-7350-3811
------------------------------------------------

Attachment: bison_crash_quotearg_buffer_restyled
Description: Binary data
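
Added triage example (not part of the original report, and not bison or gnulib code): the faulting line dereferences arg, so this script walks the reported backtrace outward from the crash frame to find which caller first passed arg=0x0. The helper names parse_frames and null_origin are hypothetical, and the script assumes the parameter keeps the same name in every frame it is passed through.

```python
import re

# Frames #0-#4 of the backtrace in the report above, line wrapping undone.
BACKTRACE = """\
#0  0x0000000000462dd5 in quotearg_buffer_restyled (buffer=0x69cb90 "debugger11/id:000015", buffersize=21, arg=0x0, argsize=18446744073709551615, quoting_style=escape_quoting_style, flags=1, quote_these_too=0x7fffffffa948, left_quote=0x0, right_quote=0x0) at lib/quotearg.c:400
#1  0x0000000000463402 in quotearg_n_options (n=3, arg=0x0, argsize=18446744073709551615, options=0x7fffffffa940) at lib/quotearg.c:907
#2  0x00000000004635cd in quotearg_n_style (n=3, s=escape_quoting_style, arg=0x0) at lib/quotearg.c:958
#3  0x00000000004162e5 in location_print (loc=..., out=0x7ffff7dd2540 <_IO_2_1_stderr_>) at src/location.c:179
#4  0x00000000004076b8 in error_message (loc=0x692a88, indent=0x7fffffffabbc, flags=Wother, sever=severity_warning, message=0x47881d "previous declaration", args=0x7fffffffaac0) at src/complain.c:430
"""

# "#N  0xADDR in func (args) at file:line"
FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+):(\d+)$')
# name=value, where a value may carry a quoted string or a <symbol> annotation
ARG_RE = re.compile(r'(\w+)=((?:"[^"]*"|<[^>]*>|[^,"<])+)')

def parse_frames(text):
    """Turn gdb 'bt' lines into dicts: frame number, function, arguments, location."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            num, func, args, path, lineno = m.groups()
            argmap = {k: v.strip() for k, v in ARG_RE.findall(args)}
            frames.append({"n": int(num), "func": func, "args": argmap,
                           "at": f"{path}:{lineno}"})
    return frames

def null_origin(frames, param):
    """Follow `param` outward from the crash frame while it is 0x0.

    Returns (outermost frame that received the NULL, the caller that passed it).
    """
    last = None
    for fr in frames:
        if fr["args"].get(param) != "0x0":
            return last, (fr if last else None)
        last = fr
    return last, None

if __name__ == "__main__":
    entry, caller = null_origin(parse_frames(BACKTRACE), "arg")
    print(f"NULL '{'arg'}' entered at #{entry['n']} {entry['func']}, "
          f"passed by {caller['func']} ({caller['at']})")
```

The crash site is in lib/quotearg.c, but the frame to inspect first is the caller the script reports, since that is where the NULL pointer enters the quoting functions.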

