Hello,
We are developing a new fuzz testing feature, and it found a large-allocation bug in pspp.
Command to Reproduce
./pspp <input_file>
input_file is attached.
Command Output & Stack Trace
... (omitted)
poc_file:6.44: error: Bad character U+0000 in input.
6 |
poc_file:6.44: error: Bad character U+0000 in input.
6 |
poc_file:6.44: error: Bad character U+0000 in input.
6 |
poc_file:6.44-6.45: error: Bad character U+FFFD in input.
6 |
poc_file:6.45: error: Bad character U+0000 in input.
6 |
poc_file:6.45: error: Bad character U+0000 in input.
6 |
poc_file:6.45: error: Bad character U+0000 in input.
6 |
poc_file:6.45-6.46: error: Bad character U+FFFD in input.
6 |
poc_file:6.46: error: Bad character U+000E in input.
6 |
==4155==WARNING: AddressSanitizer failed to allocate 0x71afd498cf5270 bytes
==4155==AddressSanitizer's allocator is terminating the process instead of returning 0
==4155==If you don't like this behavior set allocator_may_return_null=1
==4155==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:218 "((0)) != (0)" (0x0, 0x0)
#0 0x7ffff6f01bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
#1 0x7ffff6f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
#2 0x7ffff6f07332 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xef332)
#3 0x7ffff6e3fe46 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27e46)
#4 0x7ffff6ef6b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
#5 0x7ffff60ba007 in gsl_block_alloc (/usr/lib/x86_64-linux-gnu/libgsl.so.23+0x4f007)
#6 0x7ffff612a267 in gsl_matrix_alloc (/usr/lib/x86_64-linux-gnu/libgsl.so.23+0xbf267)
#7 0x7ffff6a2bc96 in matrix_expr_evaluate_seq src/language/commands/matrix.c:3478
#8 0x7ffff6a365b2 in matrix_expr_evaluate src/language/commands/matrix.c:4576
#9 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
#10 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
#11 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
#12 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
#13 0x7ffff6a3c311 in matrix_print_execute src/language/commands/matrix.c:5691
#14 0x7ffff6a53858 in matrix_command_execute src/language/commands/matrix.c:8837
#15 0x7ffff6a54df3 in cmd_matrix src/language/commands/matrix.c:9134
#16 0x7ffff690d361 in do_parse_command src/language/command.c:243
#17 0x7ffff690cd09 in cmd_parse_in_state src/language/command.c:149
#18 0x7ffff690cdd9 in cmd_parse src/language/command.c:164
#19 0x555555559e7a in main src/ui/terminal/main.c:139
#20 0x7ffff56b4c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#21 0x5555555598c9 in _start (/home/youngseok/latest-subjects/pspp/install_main/bin/pspp+0x58c9)
Environment
OS: Ubuntu 18.04
gcc: 7.5.0
pspp: 1.6.2 (master branch - git commit id 312c1f22e9740afa6b6d2eff88fb49826917f35)
Note that pspp is built with AddressSanitizer and several options:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --prefix=`pwd`/install_main --without-perl-module --without-gui