bug-gnu-pspp

PSPP-BUG: [bug #54664] segfault in count_newlines in lexer.c


From: Tianxiao Gu
Subject: PSPP-BUG: [bug #54664] segfault in count_newlines in lexer.c
Date: Sat, 15 Sep 2018 03:41:20 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

URL:
  <https://savannah.gnu.org/bugs/?54664>

                 Summary: segfault in count_newlines in lexer.c
                 Project: PSPP
            Submitted by: tianxiaogu
            Submitted on: Sat 15 Sep 2018 07:41:18 AM UTC
                Category: Syntax Parser
                Severity: 5 - Average
                  Status: None
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: None
                  Effort: 0.00

    _______________________________________________________

Details:

When compiling pspp with address sanitizer, we can trigger the following
segfault.
When compiling pspp without address sanitizer, we cannot.

Reproduce:

./src/ui/terminal/pspp test-case0

=================================================================
==1955==ERROR: AddressSanitizer: SEGV on unknown address 0x614000010000 (pc
0x7f4f3fa4c540 bp 0x7fff1fae28a0 sp 0x7fff1fae2018 T0)
==1955==The signal is caused by a READ memory access.
    #0 0x7f4f3fa4c53f  (/lib/x86_64-linux-gnu/libc.so.6+0x18a53f)
    #1 0x7f4f411645a1  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x415a1)
    #2 0x7f4f40c52dfe in count_newlines src/language/lexer/lexer.c:906
    #3 0x7f4f40c52f85 in lex_source_get_last_line_number
src/language/lexer/lexer.c:926
    #4 0x7f4f40c534a9 in lex_get_last_line_number
src/language/lexer/lexer.c:1003
    #5 0x55f3ba564627 in output_msg src/ui/terminal/main.c:226
    #6 0x7f4f407f7314 in ship_message src/libpspp/message.c:283
    #7 0x7f4f407f76df in submit_note src/libpspp/message.c:309
    #8 0x7f4f407f7ad7 in process_msg src/libpspp/message.c:349
    #9 0x7f4f407f7b39 in msg_emit src/libpspp/message.c:363
    #10 0x7f4f40c5443c in lex_source_read__ src/language/lexer/lexer.c:1206
    #11 0x7f4f40c55d4d in lex_source_get__ src/language/lexer/lexer.c:1398
    #12 0x7f4f40c50c29 in lex_get src/language/lexer/lexer.c:228
    #13 0x55f3ba564051 in main src/ui/terminal/main.c:135
    #14 0x7f4f3f8e3b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #15 0x55f3ba563ac9 in _start
(/home/t/Projects/fuzzing/pspp/pspp/src/ui/terminal/.libs/pspp+0x4ac9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18a53f) 
==1955==ABORTING

    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Sat 15 Sep 2018 07:41:18 AM UTC  Name: test-case-0  Size: 339B   By:
tianxiaogu

<http://savannah.gnu.org/bugs/download.php?file_id=45015>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?54664>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/