Dear maintainers of pspp:
The PoC to trigger this bug is in the attached file.
Command to run:
pspp nullpointer_pspp
Console output:
./nullpointer_pspp:1.1-1.2: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.2-1.3: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.3-1.4: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.4-1.5: error: Bad character U+FFFD in input.
1 | ����
| ^~
******************************************************
You have discovered a bug in PSPP. Please report this
to bug-gnu-pspp@gnu.org. Please include this entire
message, *plus* several lines of output just above it.
For the best chance at having the bug fixed, also
include the syntax file that triggered it and a sample
of any data file used for input.
proximate cause: Segmentation Violation
version: GNU pspp 2.0.1
host_system: x86_64-pc-linux-gnu
build_system: x86_64-pc-linux-gnu
locale_dir: /usr/local/share/locale
compiler version: Ubuntu Clang 15.0.7
******************************************************
Segmentation fault
GDB output:
./nullpointer_pspp:1.1-1.2: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.2-1.3: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.3-1.4: error: Bad character U+FFFD in input.
1 | ����
| ^~
./nullpointer_pspp:1.4-1.5: error: Bad character U+FFFD in input.
1 | ����
| ^~
Program received signal SIGSEGV, Segmentation fault.
__strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
77 ../sysdeps/x86_64/multiarch/strlen-evex.S: No such file or directory.
(gdb) x/10i $pc
=> 0x7ffff74ba0bc <__strlen_evex+28>: vpcmpeqb (%rdi),%ymm16,%k0
0x7ffff74ba0c3 <__strlen_evex+35>: kmovd %k0,%eax
0x7ffff74ba0c7 <__strlen_evex+39>: test %eax,%eax
0x7ffff74ba0c9 <__strlen_evex+41>: je 0x7ffff74ba120 <__strlen_evex+128>
0x7ffff74ba0cb <__strlen_evex+43>: tzcnt %eax,%eax
0x7ffff74ba0cf <__strlen_evex+47>: ret
0x7ffff74ba0d0 <__strlen_evex+48>: tzcnt %eax,%eax
0x7ffff74ba0d4 <__strlen_evex+52>: sub %edx,%edi
0x7ffff74ba0d6 <__strlen_evex+54>: lea 0x20(%rdi,%rax,1),%eax
0x7ffff74ba0da <__strlen_evex+58>: ret
(gdb) info registers
rax 0x0 0
rbx 0x0 0
rcx 0x555555ecce00 93825002163712
rdx 0xf5f5f5f5f5f5f5f5 -723401728380766731
rsi 0x7ffff2df3fa0 140737268105120
rdi 0x0 0
rbp 0x7fffffffe000 0x7fffffffe000
rsp 0x7fffffffd7b8 0x7fffffffd7b8
r8 0x7ffff7fb1000 140737353814016
r9 0x7ffff1d0ec40 140737250389056
r10 0x7fffffffd6e8 140737488344808
r11 0x58 88
r12 0x7fffffffe638 140737488348728
r13 0x0 0
r14 0x555555e59f70 93825001693040
r15 0x7ffff7ffd040 140737354125376
rip 0x7ffff74ba0bc 0x7ffff74ba0bc <__strlen_evex+28>
eflags 0x10283 [ CF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
k0 0xffffffe0 4294967264
k1 0x1f 31
k2 0x313000f 51576847
k3 0x0 0
k4 0x0 0
k5 0x0 0
k6 0x0 0
k7 0x0 0
(gdb) bt
#0 __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
#1 0x000055555569703a in strlen ()
#2 0x0000555555c6dadd in xstrdup (string=0x0) at gl/xmalloc.c:339
#3 0x000055555596e5c9 in show_TITLE (ds=0x612000000040) at src/language/commands/set.c:1043
#4 0x000055555596e6e7 in do_show (ds=0x612000000040, s=0x7ffff2e1b940, ptp=0x7ffff2e1b920) at src/language/commands/set.c:1256
#5 0x000055555596d954 in cmd_show (lexer=0x604000000650, ds=0x612000000040) at src/language/commands/set.c:1475
#6 0x0000555555744996 in do_parse_command (lexer=0x604000000650, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:244
#7 0x00005555557442d0 in cmd_parse_in_state (lexer=0x604000000650, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:150
#8 0x0000555555744b9b in cmd_parse (lexer=0x604000000650, ds=0x612000000040) at src/language/command.c:165
#9 0x0000555555740135 in main (argc=2, argv=0x7fffffffe638) at src/ui/terminal/main.c:139
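The backtrace above shows the crash mechanism: show_TITLE passes a NULL pointer to xstrdup, which hands it to strlen, and strlen dereferences it (rdi is 0x0 in the register dump). The C program below is an added illustration of that defect class and of the usual fix, not code from this report or from PSPP's source tree; the struct, field and function names (settings, title, show_title, xstrdup_or) are hypothetical and do not claim to match PSPP's internals. It models a record whose title field is NULL until a title has been set, and shows a duplication helper that substitutes a fallback string instead of dereferencing NULL.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical settings record with an optional title.
   A NULL title models "no title has been set yet". */
struct settings {
    const char *title;   /* may be NULL */
};

/* Models the shape of gnulib's xstrdup(): strdup() that aborts on
   allocation failure.  Like strdup()/strlen() themselves, it dereferences
   its argument unconditionally, so a NULL argument is undefined behaviour;
   that is the SIGSEGV seen in the backtrace. */
static char *xstrdup_model(const char *s)
{
    char *copy = strdup(s);
    if (copy == NULL) {
        fputs("out of memory\n", stderr);
        abort();
    }
    return copy;
}

/* Defensive variant: duplicate s, or a caller-supplied fallback when s is NULL,
   so the unset case is reported as data rather than as a crash. */
static char *xstrdup_or(const char *s, const char *fallback)
{
    return xstrdup_model(s != NULL ? s : fallback);
}

/* Returns a freshly allocated string describing the current title;
   the caller frees it.  Safe whether or not a title has been set. */
char *show_title(const struct settings *st)
{
    return xstrdup_or(st->title, "(no title set)");
}

/* Returns 1 when the title field may be handed to strlen()/strdup(), 0 otherwise.
   Checking this before duplicating is the guard the crash site lacks. */
int title_is_dereferenceable(const struct settings *st)
{
    return st->title != NULL;
}

int main(void)
{
    struct settings before = { .title = NULL };             /* state before any title is set */
    struct settings after  = { .title = "Quarterly report" }; /* constructed sample title */

    char *a = show_title(&before);
    char *b = show_title(&after);
    printf("before: %s\nafter:  %s\n", a, b);
    free(a);
    free(b);
    return 0;
}
```

The guard belongs at the point where the optional value is consumed (here show_title), because strlen and strdup give no defined behaviour on NULL; a NULL that reaches them is a crash at best and, in a larger program, a way to turn unset state into an unexpected control-flow path. Building with AddressSanitizer or running under GDB, as the reporter did, reports the same fault type (SEGV on address 0) for the unguarded version.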