SEGV in bison (latest version in github) at src/lssi.c:276

[Irfan Ariq]

Hello,

We are currently working on fuzz testing feature, and we found a *SEGV* error
on *bison*.

The stack traces are as follow:

> ==29211==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x5629a7313801 bp 0x7ffd1b2a25c0 sp 0x7ffd1b2a0520 T0)
> ==29211==The signal is caused by a READ memory access.
> ==29211==Hint: address points to the zero page.
>     #0 0x5629a7313800 in intersect_symbol src/lssi.c:276
>     #1 0x5629a72e4650 in reduction_step src/counterexample.c:827
>     #2 0x5629a72e6714 in generate_next_states src/counterexample.c:1063
>     #3 0x5629a72e7417 in unifying_example src/counterexample.c:1182
>     #4 0x5629a72e7e04 in counterexample_report src/counterexample.c:1277
>     #5 0x5629a72e8213 in counterexample_report_shift_reduce
> src/counterexample.c:1306
>     #6 0x5629a72e94a5 in counterexample_report_state
> src/counterexample.c:1380
>     #7 0x5629a73632e0 in print_state src/print.c:366
>     #8 0x5629a736417a in print_results src/print.c:473
>     #9 0x5629a7314ee4 in main src/main.c:188

The full stacktrace is attached.


   - Step to reproduce


We configured `*bison*` using `*CFLAGS="-g -O0 -fsanitize=address"
./configure --prefix=$(pwd)/ --disable-shared*` and built in using `*make
-j 10*`, and run it with:

./bison <attached file> -o itemset -v --report=all


The input file is also attached.


   - Environment

- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- Bison version: latest commit (7c90a28) of master branch in github (
https://github.com/akimd/bison/tree/7c90a28f17e97b3ec8213ff6e0b0a5d2382f8929
)

Thank you.

Sincerely,
Irfan Ariq
Software Testing and Verification Lab - KAIST

input_bison_poc_1.zip
Description: Zip compressed data

full_stacktrace_poc_1.zip
Description: Zip compressed data