SEGV in bison at src/lssi:297

From: Irfan Ariq
Subject: SEGV in bison at src/lssi:297
Date: Mon, 4 Oct 2021 23:57:15 +0900


We are currently working on a fuzz-testing feature, and we found a *SEGV* error
in `bison`.

The stack trace is as follows:

==29725==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5577cbd45d4a bp 0x7ffda59e9300 sp 0x7ffda59e7260 T0)
==29725==The signal is caused by a READ memory access.
==29725==Hint: address points to the zero page.
    #0 0x5577cbd45d49 in intersect src/lssi.c:297
    #1 0x5577cbd46333 in lssi_reverse_production src/lssi.c:361
    #2 0x5577cbd8ab93 in simulate_reduction src/parse-simulation.c:536
    #3 0x5577cbd166f2 in reduction_step src/counterexample.c:834
    #4 0x5577cbd1849e in generate_next_states src/counterexample.c:1047
    #5 0x5577cbd19417 in unifying_example src/counterexample.c:1182
    #6 0x5577cbd19e04 in counterexample_report src/counterexample.c:1277
    #7 0x5577cbd1ae65 in counterexample_report_reduce_reduce src/counterexample.c:1350
    #8 0x5577cbd1b863 in counterexample_report_state src/counterexample.c:1394
    #9 0x5577cbd952e0 in print_state src/print.c:366
    #10 0x5577cbd9617a in print_results src/print.c:473
    #11 0x5577cbd46ee4 in main src/main.c:188

The full stack trace is attached.

- *Steps to reproduce*

We configured `bison` using `CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --disable-shared`, built it using `make -j 10`, and ran it with:

./bison --feature=caret --debug --report=all --graph=all -p --graph=precedence <attached file> --verbose

The input file is attached.

- *Environment*

- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- Bison version: latest commit (7c90a28) of the master branch on GitHub

Thank you.

Attachment: full_stacktrace_poc_2.zip
Description: Zip compressed data

Attachment: input_bison_poc_2.zip
Description: Zip compressed data

