bug-gnu-pspp

Re: PSPP-BUG: Large Allocation of 0x71afd498cf5270 bytes in pspp


From: Ben Pfaff
Subject: Re: PSPP-BUG: Large Allocation of 0x71afd498cf5270 bytes in pspp
Date: Sat, 18 Mar 2023 14:49:02 -0700

There's not much to be done about this. The syntax file you attached allocates a matrix of approximate dimension 4000000000000000. I don't know how to deal with that except by putting an arbitrary maximum size on a matrix.

Here's a much less obfuscated syntax file that shows the same thing:

MATRIX.
COMPUTE M={5555:4000000000000000}.
END MATRIX.

On Mon, Mar 13, 2023 at 5:52 PM Youngseok Choi <youngseok.main@gmail.com> wrote:
Hello,

We are developing a new fuzz testing feature, and it found a large allocation bug in pspp.

Command to Reproduce
./pspp <input_file>

input_file is attached.

Command Output & Stack Trace
... (omitted)
poc_file:6.44: error: Bad character U+0000 in input.
    6 |

poc_file:6.44: error: Bad character U+0000 in input.
    6 |

poc_file:6.44: error: Bad character U+0000 in input.
    6 |

poc_file:6.44-6.45: error: Bad character U+FFFD in input.
    6 |

poc_file:6.45: error: Bad character U+0000 in input.
    6 |

poc_file:6.45: error: Bad character U+0000 in input.
    6 |

poc_file:6.45: error: Bad character U+0000 in input.
    6 |

poc_file:6.45-6.46: error: Bad character U+FFFD in input.
    6 |

poc_file:6.46: error: Bad character U+000E in input.
    6 |
==4155==WARNING: AddressSanitizer failed to allocate 0x71afd498cf5270 bytes
==4155==AddressSanitizer's allocator is terminating the process instead of returning 0
==4155==If you don't like this behavior set allocator_may_return_null=1
==4155==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:218 "((0)) != (0)" (0x0, 0x0)
    #0 0x7ffff6f01bf2  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7ffff6f20575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7ffff6f07332  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xef332)
    #3 0x7ffff6e3fe46  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27e46)
    #4 0x7ffff6ef6b0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #5 0x7ffff60ba007 in gsl_block_alloc (/usr/lib/x86_64-linux-gnu/libgsl.so.23+0x4f007)
    #6 0x7ffff612a267 in gsl_matrix_alloc (/usr/lib/x86_64-linux-gnu/libgsl.so.23+0xbf267)
    #7 0x7ffff6a2bc96 in matrix_expr_evaluate_seq src/language/commands/matrix.c:3478
    #8 0x7ffff6a365b2 in matrix_expr_evaluate src/language/commands/matrix.c:4576
    #9 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
    #10 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
    #11 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
    #12 0x7ffff6a34351 in matrix_expr_evaluate src/language/commands/matrix.c:4521
    #13 0x7ffff6a3c311 in matrix_print_execute src/language/commands/matrix.c:5691
    #14 0x7ffff6a53858 in matrix_command_execute src/language/commands/matrix.c:8837
    #15 0x7ffff6a54df3 in cmd_matrix src/language/commands/matrix.c:9134
    #16 0x7ffff690d361 in do_parse_command src/language/command.c:243
    #17 0x7ffff690cd09 in cmd_parse_in_state src/language/command.c:149
    #18 0x7ffff690cdd9 in cmd_parse src/language/command.c:164
    #19 0x555555559e7a in main src/ui/terminal/main.c:139
    #20 0x7ffff56b4c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #21 0x5555555598c9 in _start (/home/youngseok/latest-subjects/pspp/install_main/bin/pspp+0x58c9)


Environment
OS: Ubuntu 18.04
gcc: 7.5.0
pspp: 1.6.2 (master branch - git commit id 312c1f22e9740afa6b6d2eff88fb49826917f35)

Note that pspp is built with address sanitizer and several options:
CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" \
./configure --prefix=`pwd`/install_main --without-perl-module --without-gui
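The arbitrary maximum Ben mentions, as an added example in C that is not PSPP's own code: it derives the element count of a {start:end:step} sequence without integer overflow and refuses the 4000000000000000-element case before anything reaches malloc or gsl_matrix_alloc. The cap value and all function names are assumptions.

```c
/* Added example, not PSPP's own code: an overflow-safe size guard for a
 * MATRIX sequence {start:end:step} and for a rows x cols allocation, with
 * the kind of arbitrary cap Ben Pfaff mentions.  Every name is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical cap: 10^8 doubles (800 MB), far below 0x71afd498cf5270 bytes. */
#define MAX_MATRIX_ELEMENTS ((size_t) 100000000)

/* Number of elements {start:end:step} would produce.  Returns false when the
 * sequence is empty, step is zero, an input is not finite, or the count is
 * over the cap.  The count is derived in double and checked before it is
 * converted to size_t and handed to an allocator. */
static bool seq_element_count(double start, double end, double step,
                              size_t *n_out)
{
    double span = (end - start) / step;  /* NaN or inf for step 0, inf inputs */
    /* Every comparison with NaN is false, so a NaN span fails both tests. */
    if (!(span >= 0))
        return false;                    /* empty, e.g. {5:1} with step 1 */
    if (!(span < (double) MAX_MATRIX_ELEMENTS))
        return false;                    /* e.g. {5555:4000000000000000} */
    *n_out = (size_t) span + 1;          /* truncation is floor for span >= 0 */
    return true;
}

/* True when rows * cols doubles fit under the cap; dividing instead of
 * multiplying means the product can never wrap around in size_t. */
static bool matrix_dims_ok(size_t rows, size_t cols)
{
    if (rows == 0 || cols == 0)
        return false;
    return rows <= MAX_MATRIX_ELEMENTS / cols;
}

/* Build the 1 x n row vector only after both guards have passed. */
static double *seq_alloc(double start, double end, double step, size_t *n_out)
{
    size_t n;
    if (!seq_element_count(start, end, step, &n) || !matrix_dims_ok(1, n))
        return NULL;
    double *v = malloc(n * sizeof *v);   /* n <= cap, so no size_t overflow */
    if (v == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        v[i] = start + (double) i * step;
    *n_out = n;
    return v;
}
```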