bug-gnu-pspp
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PSPP-BUG: [bug #61286] stack-overflow in pspp at src/language/expression

From: Irfan Ariq
Subject: PSPP-BUG: [bug #61286] stack-overflow in pspp at src/language/expressions/parse.c:751
Date: Mon, 4 Oct 2021 11:45:14 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 
URL:
  <https://savannah.gnu.org/bugs/?61286>

                 Summary: stack-overflow in pspp at
src/language/expressions/parse.c:751
                 Project: PSPP
            Submitted by: irfanariq
            Submitted on: Mon 04 Oct 2021 03:45:12 PM UTC
                Category: None
                Severity: 5 - Average
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

Hello,

We are currently working on fuzz testing feature, and we found a
**stack-overflow** on `pspp`.

The stack traces are as follow:
```st
==30014==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe3b2a6fc8 (pc
0x7f32ffcb6d2e bp 0x7ffe3b2a7060 sp 0x7ffe3b2a6fd0 T0)
    #0 0x7f32ffcb6d2d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27d2d)
    #1 0x7f32ffd6db0a in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #2 0x7f32fe6d8e10  (/lib/x86_64-linux-gnu/libc.so.6+0x34e10)
    #3 0x7f32fe6d6df3  (/lib/x86_64-linux-gnu/libc.so.6+0x32df3)
    #4 0x7f32fe6d66ca  (/lib/x86_64-linux-gnu/libc.so.6+0x326ca)
    #5 0x7f32ffa1123f in parse_exp src/language/expressions/parse.c:751
    #6 0x7f32ffa10df1 in parse_inverting_unary_operator
src/language/expressions/parse.c:606
    #7 0x7f32ffa11221 in parse_neg src/language/expressions/parse.c:742
    #8 0x7f32ffa111c0 in parse_mul src/language/expressions/parse.c:732
    #9 0x7f32ffa1116a in parse_add src/language/expressions/parse.c:717
    #10 0x7f32ffa110a7 in parse_rel src/language/expressions/parse.c:657
    #11 0x7f32ffa10df1 in parse_inverting_unary_operator
src/language/expressions/parse.c:606
```
The full stack trace is attached.

**Step to reproduce**

We configured `pspp` using `CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g
-O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --without-cairo
--without-perl-module` and build it using `make -j10`, and run it with:

```
./pspp <attached file> format= -I- -O -V format=odt -r device=treminal
device=listing /dev/null --no-output -o -h
```
The input file is attached.

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- pspp version: [pspp
1.4.1](http://mirror.yongbok.net/gnu/pspp/pspp-1.4.1.tar.gz)

Thank you.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 04 Oct 2021 03:45:12 PM UTC  Name: full_stacktrace_poc_13.zip  Size:
2KiB   By: irfanariq

<http://savannah.gnu.org/bugs/download.php?file_id=52031>
-------------------------------------------------------
Date: Mon 04 Oct 2021 03:45:12 PM UTC  Name: input_pspp_poc_13.zip  Size: 626B
  By: irfanariq

<http://savannah.gnu.org/bugs/download.php?file_id=52032>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?61286>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]