[bison crash] Segmentation fault at fetch_type_name

[Ahcheong Lee]

Hello, this is Ahcheong Lee
I'm currently working on a new fuzzing technique, and I found some crashes
on GNU bison.
For ease of maintenance, I'll send one crash by one by email.

There was a segmentation fault on fetch_type_name :
bison-src/scan-code.l:577
You can reproduce it with the following command:
./bison <attached file>

This is call stack info:
Program received signal SIGSEGV, Segmentation fault.
0x000000000043d38a in fetch_type_name (cp=0x6ae000 <error: Cannot access
memory at address 0x6ae000>, type_name=0x7fffffffa838,
    dollar_loc=0x6893a0 <current_loc>) at
/Users/akim/src/gnu/bison/src/scan-code.l:577
577     /Users/akim/src/gnu/bison/src/scan-code.l: No such file or
directory.
(gdb) bt
#0  0x000000000043d38a in fetch_type_name (cp=0x6ae000 <error: Cannot
access memory at address 0x6ae000>, type_name=0x7fffffffa838,
    dollar_loc=0x6893a0 <current_loc>) at
/Users/akim/src/gnu/bison/src/scan-code.l:577
#1  0x0000000000439d13 in code_lex (self=0x7fffffffadc0, sc_context=6) at
/Users/akim/src/gnu/bison/src/scan-code.l:184
#2  0x000000000043e71d in translate_action (self=0x7fffffffadc0,
sc_context=6) at /Users/akim/src/gnu/bison/src/scan-code.l:768
#3  0x000000000043e9bf in code_props_translate_code (self=0x7fffffffadc0)
at /Users/akim/src/gnu/bison/src/scan-code.l:833
#4  0x000000000042e8af in gram_parse () at src/parse-gram.y:379
#5  0x0000000000436978 in reader (gram=0x691bb0 "debugger10/id:000000") at
src/reader.c:716
#6  0x0000000000417e3d in main (argc=2, argv=0x7fffffffe378) at
src/main.c:104


---------------------------------------------
Ahcheong Lee, Master's student
School of Computing, KAIST
Room# 2438, E3-1, KAIST
373-1 Guseong-dong, Yuseong-gu
Daejeon, South Korea 34141
Phone : 010-7350-3811
------------------------------------------------

bison_crash_fetch_type_name
Description: Binary data