Open dwenking opened 3 months ago
I can confirm the segfault. Memory corruption seems to occur, but it is very difficult to pinpoint where. The expression results in quite long and convoluted calculations.
Simplified version of the offending expression: 1/(1/(x² × 'a' × 2) + 1/y) − 1/(1/z + 1/2) = 'b' × 'c'.
Further investigation indicates that the segfault is caused by stack overflow when a function is called recursively, seemingly without any end, when trying to solve 0(+infinity) + (-infinity) * 0 + 0 * sqrt((+infinity) + (-infinity)'a') + 0 * sqrt((+infinity) + (-infinity)'a') != 0.
I have now made three different changes which each separately fix the segfault (the most general solution uses a recursion counter in the offending function to avoid infinite loops and stack overflow).
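The recursion-counter fix mentioned above, illustrated on a toy simplifier as an added example (this is not the project's MathStructure code): the node types, the two rewrite rules that undo each other on an indeterminate form such as 0 * (inf + inf), the `Stats` bookkeeping and the depth limit of 64 are all invented for the illustration. The guard turns what would otherwise be unbounded recursion and a stack overflow into a clean return of the unsimplified term, while ordinary finite input is unaffected.

```cpp
#include <iostream>
#include <memory>

// Added example, not the project's MathStructure code. Node kinds, the two
// rewrite rules and the depth limit are all invented to show the failure
// mode (two rewrites that undo each other on an indeterminate form) and the
// recursion-counter guard that turns a stack overflow into a clean stop.

struct Node {
    enum Kind { NUM, INF, ADD, MUL } kind = NUM;
    double num = 0;                // payload when kind == NUM
    std::shared_ptr<Node> a, b;    // operands when kind is ADD or MUL
};
using P = std::shared_ptr<Node>;

P num(double v) { auto n = std::make_shared<Node>(); n->kind = Node::NUM; n->num = v; return n; }
P inf()         { auto n = std::make_shared<Node>(); n->kind = Node::INF; return n; }
P add(P x, P y) { auto n = std::make_shared<Node>(); n->kind = Node::ADD; n->a = x; n->b = y; return n; }
P mul(P x, P y) { auto n = std::make_shared<Node>(); n->kind = Node::MUL; n->a = x; n->b = y; return n; }

bool isZero(const P& n) { return n->kind == Node::NUM && n->num == 0; }

struct Stats {
    int  maxDepth  = 0;      // deepest recursion level reached
    bool truncated = false;  // true if the guard had to stop a rewrite chain
};

// 0 * x is only folded to 0 for finite x; 0 * inf is indeterminate and stays.
// The two structural rules below are each fine alone but undo each other:
//   distribute:  0 * (x + y)  ->  0*x + 0*y
//   factor:      0*x + 0*y    ->  0 * (x + y)
// On 0 * (inf + inf) they alternate forever, so the depth counter is the
// only thing that makes simplify() return.
P simplify(const P& n, int depth, Stats& st, int limit) {
    if (depth > st.maxDepth) st.maxDepth = depth;
    if (depth >= limit) {            // recursion counter: stop rewriting and
        st.truncated = true;         // hand the term back unsimplified
        return n;
    }
    if (n->kind == Node::NUM || n->kind == Node::INF) return n;

    P a = simplify(n->a, depth + 1, st, limit);
    P b = simplify(n->b, depth + 1, st, limit);

    if (n->kind == Node::MUL) {
        if (a->kind == Node::NUM && b->kind == Node::NUM) return num(a->num * b->num);
        if (isZero(a) && b->kind == Node::ADD)               // distribute
            return simplify(add(mul(a, b->a), mul(a, b->b)), depth + 1, st, limit);
        return mul(a, b);
    }
    // ADD
    if (a->kind == Node::NUM && b->kind == Node::NUM) return num(a->num + b->num);
    if (a->kind == Node::MUL && b->kind == Node::MUL && isZero(a->a) && isZero(b->a))
        return simplify(mul(num(0), add(a->b, b->b)), depth + 1, st, limit);   // factor
    return add(a, b);
}

// Indeterminate input: without the limit this recursion never ends.
bool guardStopsIndeterminateCycle(int limit) {
    Stats st;
    simplify(mul(num(0), add(inf(), inf())), 0, st, limit);
    return st.truncated && st.maxDepth == limit;
}

// Ordinary input: folds to 0 long before the limit is approached.
bool finiteCaseFolds(int limit) {
    Stats st;
    P r = simplify(mul(num(0), add(num(2), num(3))), 0, st, limit);
    return !st.truncated && r->kind == Node::NUM && r->num == 0 && st.maxDepth == 2;
}

int main() {
    std::cout << "guard stops 0*(inf+inf) cycle: " << guardStopsIndeterminateCycle(64) << "\n"
              << "0*(2+3) folds normally:        " << finiteCaseFolds(64) << "\n";
    return 0;
}
```

The point of returning the term unchanged rather than aborting is that the caller still gets a well-formed (if unsimplified) result, which is what a fuzzer-found crash like this one needs: a deterministic bound on stack depth regardless of how the input expression was constructed.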
Hi, I am trying to run an AFL fuzzer on Ubuntu 20.04 to fuzz this project and it seems like I found a SEGV in MathStructure.
Test program
test.cpp:
build.sh
ASan report
Poc
Poc file is poc.zip