PSPP-BUG: [bug #61283] SIGABRT in pspp at src/libpspp/u8-line.c:139

[Irfan Ariq]

URL:
  <https://savannah.gnu.org/bugs/?61283>

                 Summary: SIGABRT in pspp at src/libpspp/u8-line.c:139
                 Project: PSPP
            Submitted by: irfanariq
            Submitted on: Mon 04 Oct 2021 03:39:49 PM UTC
                Category: None
                Severity: 5 - Average
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

Hello,

We are currently working on fuzz testing feature, and we found a **SIGABRT**
on `pspp`.

The stack traces are as follow:
```
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff586d921 in __GI_abort () at abort.c:79
#2  0x00007ffff585d48a in __assert_fail_base (fmt=0x7ffff59e4750 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff68b8a60 "x1
>= x0", file=file@entry=0x7ffff68b8a20 "src/libpspp/u8-line.c",
line=line@entry=139, function=function@entry=0x7ffff68b8b40
<__PRETTY_FUNCTION__.4132> "u8_line_reserve") at assert.c:92
#3  0x00007ffff585d502 in __GI___assert_fail (assertion=0x7ffff68b8a60 "x1 >=
x0", file=0x7ffff68b8a20 "src/libpspp/u8-line.c", line=139,
function=0x7ffff68b8b40 <__PRETTY_FUNCTION__.4132> "u8_line_reserve") at
assert.c:101
#4  0x00007ffff67c62c9 in u8_line_reserve (line=0x61b000002280, x0=1, x1=0,
n=2) at src/libpspp/u8-line.c:139
#5  0x00007ffff6be370b in ascii_reserve (a=0x611000000540, y=48, x0=1, x1=0,
n=2) at src/output/ascii.c:658
#6  0x00007ffff6be3eab in text_draw (a=0x611000000540,
halign=TABLE_HALIGN_MIXED, options=192, bold=false, underline=false,
bb=0x7fffffffd0c0, clip=0x7fffffffd100, y=48, string=0x61900002f1f3 "ö\t\t",
n=2, width=18446744073709551615) at src/output/ascii.c:745
#7  0x00007ffff6be53c6 in ascii_layout_cell (a=0x611000000540,
cell=0x7fffffffd240, bb=0x7fffffffd0c0, clip=0x7fffffffd100,
widthp=0x7fffffffcfa0, heightp=0x7fffffffcfe0) at src/output/ascii.c:908
#8  0x00007ffff6be3473 in ascii_draw_cell (a_=0x611000000540,
cell=0x7fffffffd240, color_idx=1, bb=0x7fffffffd0c0, spill=0x7fffffffd140,
clip=0x7fffffffd100) at src/output/ascii.c:642
#9  0x00007ffff6c1794b in render_cell (page=0x60d000031ae0,
ofs=0x7fffffffd3d0, cell=0x7fffffffd240) at src/output/render.c:1127
```
Here is the full stack trace : [link]()

**Step to reproduce**

We configured `pspp` using `CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g
-O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --without-cairo
--without-perl-module` and build it using `make -j10`, and run it with:

```
./pspp <attached file> -O device=listing -o -a -e format=odt -O -o
```
Attachment: [input file]()

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- pspp version: [pspp
1.4.1](http://mirror.yongbok.net/gnu/pspp/pspp-1.4.1.tar.gz)

Thank you.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 04 Oct 2021 03:39:49 PM UTC  Name: full_stacktrace_poc_10.zip  Size:
2KiB   By: irfanariq

<http://savannah.gnu.org/bugs/download.php?file_id=52025>
-------------------------------------------------------
Date: Mon 04 Oct 2021 03:39:49 PM UTC  Name: input_pspp_poc_10.zip  Size: 1KiB
  By: irfanariq

<http://savannah.gnu.org/bugs/download.php?file_id=52026>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?61283>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/