Sat, 2 Apr 2022 02:19:17 +0200
Here are some of the bugs my fuzzing turned up that are still open:
1. The parser currently aborts if you give it a token that is longer than 16384
examples could be 111...111 [16385 times] (not very likely to turn up in a
or a string "aaaaaaa...aaaa" (more likely in the real world, I guess).
While it might be nice to support long string literals, a more immediate
solution to this might be to just report it as a syntax error. That would
make it easier for me to sift through future fuzz results, at least. :-)
2. This segfaults:
I don't know why, but it seems to have to do with some sort of optimization?
3. Repeating an operator like > or == or + or whatever more than 32 times
triggers an assertion:
lt-poke: ../../libpoke/pkl-gen.c:2256: pkl_gen_pr_cast: Assertion
`PKL_GEN_PAYLOAD->cur_context < PKL_GEN_MAX_CTX' failed.
Again, I can't think of many cases where you would want this in a normal Poke
program, but it would be very nice if we could turn this into a parse error
instead of
4. We have a really annoying bug where a syntax error in an expression that
involves a function whose body mentions itself results in a double free
(according to whichever
I ended up with on Debian). I've hit this by hand a few times, so this one
might be the most realistic of the bunch. :-)
There seems to be a variant of this where "?! name_of_the_function" inside
the function body, followed by a syntax error, results in some other way of
crashing, but it looks like the same
I think this bug is also documented in the bug tracker?
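A small regression harness for the four reports above, added here as an example and not part of the original mail or of poke itself. It reconstructs the inputs from the sizes quoted (tokens over 16384 characters, an operator repeated more than 32 times, a self-referencing function followed by a syntax error; the exact Poke text is my approximation), runs each through the poke binary, and sorts the outcome into "crash by signal", "reported syntax error" or "other exit". The command line `poke -L FILE` is an assumption about how your build runs a script non-interactively; adjust it if needed.

```python
import os
import signal
import subprocess
import tempfile

# ASSUMPTION: adjust to however your poke build runs a .pk file and exits.
POKE_CMD = ["poke", "-L"]


def generate_cases():
    """Constructed inputs mirroring the four fuzz findings in the mail."""
    return {
        # 1. a single token longer than 16384 characters (number and string form)
        "long_number": "1" * 16385 + ";\n",
        "long_string": '"' + "a" * 16385 + '";\n',
        # 3. one operator repeated more than 32 times
        "repeated_operator": "1 " + "+" * 33 + " 1;\n",
        # 4. a function whose body mentions itself, then a syntax error
        "recursive_fun_then_syntax_error": (
            "fun f = (int x) int: { return f (x); }\n" "f (1) +;\n"
        ),
    }


def classify(returncode, stderr):
    """Bucket one run. On POSIX a negative returncode means killed by signal."""
    if returncode < 0:
        return "crash:" + signal.Signals(-returncode).name  # SIGSEGV, SIGABRT ...
    if "syntax error" in stderr.lower():
        return "syntax-error"  # the graceful outcome the mail asks for
    return "exit:%d" % returncode


def run_case(source, cmd=POKE_CMD, timeout=10):
    """Write `source` to a temp .pk file, run it, and classify the result."""
    with tempfile.NamedTemporaryFile("w", suffix=".pk", delete=False) as f:
        f.write(source)
        path = f.name
    try:
        proc = subprocess.run(cmd + [path], capture_output=True, text=True,
                              timeout=timeout)
        return classify(proc.returncode, proc.stderr)
    except subprocess.TimeoutExpired:
        return "timeout"
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, src in generate_cases().items():
        print("%-34s %s" % (name, run_case(src)))
```

Anything reported as `crash:SIGSEGV` or `crash:SIGABRT` is still an open robustness bug; once the parser rejects these inputs cleanly every line should read `syntax-error`.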