Bug recap

From: apache2
Subject: Bug recap
Date: Sat, 2 Apr 2022 02:19:17 +0200
User-agent: Mutt/1.9.3 (2018-01-21)

Here are some of the bugs my fuzzing turned up that are still open:

1. The parser currently aborts if you give it a token that is longer than 16384
   bytes. Examples could be 111...111 [16385 times] (not very likely to turn up
   in a Poke program) or a string "aaaaaaa...aaaa" (more likely in the real
   world, I guess). While it might be nice to support long string literals, a
   more immediate solution to this might be to just report it as a syntax
   error. That would make it easier for me to sift through future fuzz
   results, at least. :-)

2. This segfaults:
   type x=struct{int[0'size*0**0];}
   I don't know why, but it seems to have to do with some sort of optimization?

3. Repeating an operator like > or == or + or whatever more than 32 times
   triggers an assertion:
   lt-poke: ../../libpoke/pkl-gen.c:2256: pkl_gen_pr_cast: Assertion
   `PKL_GEN_PAYLOAD->cur_context < PKL_GEN_MAX_CTX' failed.
   Again, I can't think of many cases where you would want this in a normal
   Poke program, but it would be very nice if we could turn this into a parse
   error instead of dumping cores.

4. We have a really annoying bug where a syntax error in an expression that
   involves a function whose body mentions itself results in a double free
   (according to whichever malloc implementation I ended up with on Debian).
   I've hit this by hand a few times, so this one might be the most realistic
   of the bunch. :-)
   There seems to be a variant of this where "?! name_of_the_function" inside
   the function body, followed by a syntax error, results in some other way of
   crashing, but it looks like the same root cause.
   I think this bug is also documented in the bug tracker?
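
The following is an added example for this page, not code from the mail above or from
the GNU poke project. It regenerates the inputs described in items 1 to 3 (item 4 gives
no concrete input, so it is not generated), runs each through a poke binary, and sorts
the outcome into "reported as an error" versus "crashed" buckets, which is the check a
maintainer wants after turning these aborts into syntax errors. Assumptions: poke is
invoked as `poke -q -L FILE` (adjust `DEFAULT_CMD` for your build), and the repeated
operator of item 3 is taken to be a left-to-right chain such as `1>1>1>...`; the mail
does not spell out that shape.

```python
"""Regenerate and triage the fuzz findings from the mail above.

Added example for this page; not part of the original mail nor of GNU poke.
"""
import os
import signal
import subprocess
import tempfile

TOKEN_LIMIT = 16384          # token length at which the parser aborts (item 1)

# Assumed invocation: load FILE non-interactively, no init file.
# Adjust if your poke build takes different flags.
DEFAULT_CMD = ("poke", "-q", "-L")


def long_number_token(length=TOKEN_LIMIT + 1):
    """Item 1a: an integer literal one byte longer than the token limit."""
    return "1" * length


def long_string_token(length=TOKEN_LIMIT + 1):
    """Item 1b: a string literal whose body exceeds the token limit."""
    return '"' + "a" * length + '"'


def struct_size_case():
    """Item 2: the array-size expression the mail reports as segfaulting."""
    return "type x=struct{int[0'size*0**0];}"


def repeated_operator(op="+", count=33):
    """Item 3: a chain of `count` binary operators (more than 32 trips the
    assertion). Shape assumed: a left-to-right chain of operands."""
    return op.join(["1"] * (count + 1))


def classify(returncode, stderr):
    """Map a process result to a triage bucket.

    A non-zero exit with a diagnostic is the wanted outcome (error reported);
    termination by signal is a crash that stays in the queue.
    """
    if returncode >= 0:
        return "clean" if returncode == 0 else "error"
    sig = -returncode
    if sig == signal.SIGSEGV:
        return "segfault"
    if sig == signal.SIGABRT:
        # Both assert() and glibc's double-free detection end in abort();
        # tell them apart by the diagnostic on stderr.
        if "Assertion" in stderr:
            return "assertion"
        if "double free" in stderr:
            return "double free"
        return "abort"
    return "signal %d" % sig


def run_case(source, cmd=DEFAULT_CMD, timeout=10):
    """Write `source` to a temp .pk file, run `cmd FILE`, return (bucket, stderr)."""
    with tempfile.NamedTemporaryFile("w", suffix=".pk", delete=False) as f:
        f.write(source + "\n")
        path = f.name
    try:
        proc = subprocess.run(list(cmd) + [path], capture_output=True,
                              text=True, timeout=timeout)
        return classify(proc.returncode, proc.stderr), proc.stderr
    except subprocess.TimeoutExpired:
        return "timeout", ""
    except FileNotFoundError:
        return "no binary", ""
    finally:
        os.unlink(path)


# Constructed reproduction set, keyed by the item number in the mail.
CASES = {
    "1a long number token": long_number_token(),
    "1b long string token": long_string_token(),
    "2  struct size expression": struct_size_case(),
    "3  33 repeated '+'": repeated_operator("+", 33),
    "3  33 repeated '>'": repeated_operator(">", 33),
}

if __name__ == "__main__":
    for name, src in CASES.items():
        bucket, err = run_case(src)
        last = err.strip().splitlines()[-1] if err.strip() else ""
        print("%-28s %-12s %s" % (name, bucket, last))
```

Anything that lands in the "error" bucket has been turned into a reported
diagnostic; "segfault", "assertion" and "double free" entries are still open.
The signal-based classification is the part worth keeping: it works unchanged
for any other fuzz target that aborts or crashes rather than exiting.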
