Hello,
We are developing a new fuzz testing feature, and it found an assertion bug in pspp.
Command to Reproduce
./pspp <input_file>
input_file is attached.
Command Output
... (omitted)
poc_file:1.55: error: Bad character U+0000 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0000 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0002 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0007 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0002 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0000 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0000 in input.
1 | i686-pc
poc_file:1.67: error: Bad character U+0000 in input.
1 | i686-pc
note: Errors (101) exceed limit (100). Syntax processing will be halted.
pspp: src/language/lexer/lexer.c:2378: lex_source_get_parse: Assertion `lex_stage_is_empty (&src->merge)' failed.
******************************************************
You have discovered a bug in PSPP. Please report this
to bug-gnu-pspp@gnu.org. Please include this entire
message, *plus* several lines of output just above it.
For the best chance at having the bug fixed, also
include the syntax file that triggered it and a sample
of any data file used for input.
proximate cause: Assertion Failure/Abort
version: GNU pspp 1.6.2
host_system: x86_64-pc-linux-gnu
build_system: x86_64-pc-linux-gnu
locale_dir: /home/youngseok/latest-subjects/pspp/install_main/share/locale
compiler version: 7.5.0
******************************************************
[1] 31598 abort ./pspp poc_file
Stack Trace
#0 0x00007ffff56d1e87 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff56d37f1 in __GI_abort () at abort.c:79
#2 0x00007ffff56c33fa in __assert_fail_base (fmt=0x7ffff584a6c0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff6c70f80 "lex_stage_is_empty (&src->merge)", file=file@entry=0x7ffff6c6f620 "src/language/lexer/lexer.c", line=line@entry=2378, function=function@entry=0x7ffff6c71500 <__PRETTY_FUNCTION__.16149> "lex_source_get_parse") at assert.c:92
#3 0x00007ffff56c3472 in __GI___assert_fail (assertion=0x7ffff6c70f80 "lex_stage_is_empty (&src->merge)", file=0x7ffff6c6f620 "src/language/lexer/lexer.c", line=2378, function=0x7ffff6c71500 <__PRETTY_FUNCTION__.16149> "lex_source_get_parse") at assert.c:101
#4 0x00007ffff69198bb in lex_source_get_parse (src="" at src/language/lexer/lexer.c:2378
#5 0x00007ffff69111ac in lex_get (lexer=0x603000000370) at src/language/lexer/lexer.c:411
#6 0x00007ffff6916259 in lex_discard_rest_of_command (lexer=0x603000000370) at src/language/lexer/lexer.c:1899
#7 0x00007ffff690d3ec in do_parse_command (lexer=0x603000000370, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:254
#8 0x00007ffff690cd0a in cmd_parse_in_state (lexer=0x603000000370, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:149
#9 0x00007ffff690cdda in cmd_parse (lexer=0x603000000370, ds=0x612000000040) at src/language/command.c:164
#10 0x0000555555559e7b in main (argc=2, argv=0x7fffffffe138) at src/ui/terminal/main.c:139
Environment
OS: Ubuntu 18.04
gcc: 7.5.0
pspp: 1.6.2 (master branch - git commit id 312c1f22e9740afa6b6d2eff88fb49826917f35)
Note that pspp is built with address sanitizer and several options:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --prefix=`pwd`/install_main --without-perl-module --without-gui
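When a fuzzer produces many inputs that all hit the same assertion, the first triage step is to turn output like the above into a stable signature (assertion site plus the first in-project stack frames) so duplicates can be grouped and the halt-after-error-limit context is recorded. The script below is an added example written for this report, not code from the reporter or from the PSPP project. It assumes the PSPP sources are rooted under `src/` (as the trace shows) and uses a constructed sample copied from the report above, with the long frame #2 and #3 argument lists abbreviated to `...`.

```python
"""Triage helper for PSPP-style assertion crash output (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# glibc assertion line, e.g.
# pspp: src/language/lexer/lexer.c:2378: lex_source_get_parse: Assertion `expr' failed.
ASSERT_RE = re.compile(
    r"^(?P<prog>[^:\s]+): (?P<file>[^:]+):(?P<line>\d+): (?P<func>\w+): "
    r"Assertion `(?P<expr>.*)' failed\.$")
# Fields from PSPP's own crash banner.
FIELD_RE = re.compile(r"^(?P<key>proximate cause|version): (?P<val>.+)$")
# gdb backtrace frame: "#N 0xADDR in func (args) at file:line".
FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+0x[0-9a-fA-F]+ in (?P<func>\S+) \(.*\) at (?P<file>\S+):(?P<line>\d+)$")
# The lexer's error-limit halt message, which precedes the abort in this report.
HALT_RE = re.compile(r"^note: Errors \(\d+\) exceed limit \(\d+\)\.")

# Constructed sample: the relevant lines from the report, frame args abbreviated.
SAMPLE_OUTPUT = """\
note: Errors (101) exceed limit (100). Syntax processing will be halted.
pspp: src/language/lexer/lexer.c:2378: lex_source_get_parse: Assertion `lex_stage_is_empty (&src->merge)' failed.
proximate cause: Assertion Failure/Abort
version: GNU pspp 1.6.2
#0 0x00007ffff56d1e87 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff56d37f1 in __GI_abort () at abort.c:79
#2 0x00007ffff56c33fa in __assert_fail_base (fmt=..., assertion=..., file=..., line=2378, function=...) at assert.c:92
#3 0x00007ffff56c3472 in __GI___assert_fail (assertion=..., file=..., line=2378, function=...) at assert.c:101
#4 0x00007ffff69198bb in lex_source_get_parse (src=...) at src/language/lexer/lexer.c:2378
#5 0x00007ffff69111ac in lex_get (lexer=0x603000000370) at src/language/lexer/lexer.c:411
#6 0x00007ffff6916259 in lex_discard_rest_of_command (lexer=0x603000000370) at src/language/lexer/lexer.c:1899
#7 0x00007ffff690d3ec in do_parse_command (lexer=0x603000000370, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:254
#8 0x00007ffff690cd0a in cmd_parse_in_state (lexer=0x603000000370, ds=0x612000000040, state=CMD_STATE_INITIAL) at src/language/command.c:149
#9 0x00007ffff690cdda in cmd_parse (lexer=0x603000000370, ds=0x612000000040) at src/language/command.c:164
#10 0x0000555555559e7b in main (argc=2, argv=0x7fffffffe138) at src/ui/terminal/main.c:139
"""


@dataclass
class Frame:
    index: int
    func: str
    file: str
    line: int


@dataclass
class Assertion:
    file: str
    line: int
    func: str
    expr: str


@dataclass
class CrashReport:
    assertion: Optional[Assertion]
    proximate_cause: Optional[str]
    version: Optional[str]
    frames: List[Frame]
    error_limit_halt: bool   # True if the lexer had already halted on the error limit
    signature: str           # dedup key built from the first in-project frames


def project_frames(frames: List[Frame], prefixes: Tuple[str, ...]) -> List[Frame]:
    """Drop runtime frames (raise/abort/assert in libc) and keep frames in project sources."""
    return [f for f in frames if f.file.startswith(prefixes)]


def make_signature(frames: List[Frame], prefixes: Tuple[str, ...], depth: int = 3) -> str:
    """Join the first `depth` project frames into a stable 'func@file:line' key."""
    return "|".join(f"{f.func}@{f.file}:{f.line}" for f in project_frames(frames, prefixes)[:depth])


def triage(text: str, prefixes: Tuple[str, ...] = ("src/",)) -> CrashReport:
    """Parse crash output into a CrashReport; unknown lines are ignored."""
    assertion = cause = version = None
    frames: List[Frame] = []
    halt = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := ASSERT_RE.match(line):
            assertion = Assertion(m["file"], int(m["line"]), m["func"], m["expr"])
        elif m := FIELD_RE.match(line):
            if m["key"] == "proximate cause":
                cause = m["val"]
            else:
                version = m["val"]
        elif m := FRAME_RE.match(line):
            frames.append(Frame(int(m["n"]), m["func"], m["file"], int(m["line"])))
        elif HALT_RE.match(line):
            halt = True
    return CrashReport(assertion, cause, version, frames, halt,
                       make_signature(frames, prefixes))


if __name__ == "__main__":
    report = triage(SAMPLE_OUTPUT)
    print("signature:", report.signature)
    print("halted on error limit:", report.error_limit_halt)
```

The signature deliberately skips the libc frames, since every assertion crash shares `raise`/`abort`/`__assert_fail`; three project frames are usually enough to separate distinct bugs without splitting one bug across slightly different call paths. The `error_limit_halt` flag records that, in this report, the abort happens after the lexer had already announced it would stop processing syntax, which is the kind of state detail that narrows the search for the root cause.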