crashappsec / libcon4m

Base Compiler and Runtime Support for con4m
Apache License 2.0

SIGSEGV: literal modifier #54

Closed ee7 closed 4 months ago

ee7 commented 4 months ago

With:

We see a segfault when running c4test with the .c4m file:

x = 42'foo

with ASan/UBSan output:

ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x55d449caecd3 bp 0x7fffc4938010 sp 0x7fffc4937f80 T0)
The signal is caused by a WRITE memory access.
Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x55d449caecd3 in c4m_exception_raise libcon4m/debug/../src/con4m/exceptions.c:133:22
    #1 0x55d449d679d1 in lookup_arg_strings libcon4m/debug/../src/con4m/format.c:380:13
    #2 0x55d449d66962 in c4m_str_vformat libcon4m/debug/../src/con4m/format.c:563:32
    #3 0x55d449d69d14 in c4m_cstr_array_format libcon4m/debug/../src/con4m/format.c:625:12
    #4 0x55d449dc8e55 in c4m_format_error_message libcon4m/debug/../src/con4m/compiler/errors.c:1177:18
    #5 0x55d449dc9b54 in c4m_format_module_errors libcon4m/debug/../src/con4m/compiler/errors.c:1254:31
    #6 0x55d449dc9649 in c4m_format_errors libcon4m/debug/../src/con4m/compiler/errors.c:1283:13
    #7 0x55d449c1b6bb in test_compiler libcon4m/debug/../src/tests/test.c:429:30
    #8 0x55d449c1e4e2 in main libcon4m/debug/../src/tests/test.c:515:18
../src/con4m/exceptions.c:133:12: runtime error: member access within null pointer of type 'c4m_exception_frame_t' (aka 'struct c4m_exception_frame_st')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/exceptions.c:133:12 in 

or the .c4m file:

x = 42
print(x'foo)

with ASan/UBSan output:

ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5b0b5056fe6c bp 0x7fff28112820 sp 0x7fff28112790 T0)
The signal is caused by a READ memory access.
Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x5b0b5056fe6c in c4m_xlist_append libcon4m/debug/../src/con4m/xlist.c:64:15
    #1 0x5b0b506a6f20 in fill_lex_error libcon4m/debug/../src/con4m/compiler/lex.c:284:5
    #2 0x5b0b506a98d4 in scan_char_literal libcon4m/debug/../src/con4m/compiler/lex.c:646:9
    #3 0x5b0b506a2d29 in lex libcon4m/debug/../src/con4m/compiler/lex.c:1091:13
    #4 0x5b0b506a00fa in c4m_lex libcon4m/debug/../src/con4m/compiler/lex.c:1165:9
    #5 0x5b0b5051c276 in c4m_extract_kat libcon4m/debug/../src/tests/test.c:115:5
    #6 0x5b0b5051b76d in build_file_list libcon4m/debug/../src/tests/test.c:239:19
    #7 0x5b0b5051f11a in main libcon4m/debug/../src/tests/test.c:501:40
../src/con4m/xlist.c:64:15: runtime error: member access within null pointer of type 'c4m_xlist_t'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/xlist.c:64:15 in 
../src/con4m/xlist.c:64:15: runtime error: load of null pointer of type 'int32_t' (aka 'int')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/con4m/xlist.c:64:15 in 
viega commented 4 months ago

Same issue with the lex phase not having an error list initialized (Dupe of #59)
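An added example, not libcon4m's code, that models the failure described in the report: an error collector that is appended to before anyone initialized it, which is exactly how a null-pointer load of a list's length field ends up in the sanitizer trace. The list, context and lexer types here (`err_list_t`, `lex_ctx_t`, `lex_count_errors`) are hypothetical stand-ins, and the toy lexer only flags a `'` modifier so the two inputs from the report produce one error each.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed growable list of error messages; a stand-in, not c4m_xlist_t. */
typedef struct {
    const char **items;
    int32_t      len;
    int32_t      cap;
} err_list_t;

/* Constructed lexer context: `errors` is NULL if nobody set it up. */
typedef struct {
    const char *src;
    err_list_t *errors;
} lex_ctx_t;

err_list_t *err_list_new(void)
{
    err_list_t *lst = calloc(1, sizeof(*lst));
    if (lst == NULL) {
        return NULL;
    }
    lst->cap   = 4;
    lst->items = calloc((size_t)lst->cap, sizeof(*lst->items));
    if (lst->items == NULL) {
        free(lst);
        return NULL;
    }
    return lst;
}

void err_list_free(err_list_t *lst)
{
    if (lst != NULL) {
        free(lst->items);
        free(lst);
    }
}

/* Before: trusts the caller. With lst == NULL the very first access, lst->len,
 * is a load through a null pointer, the pattern in frame #0 of the second
 * sanitizer report. Kept for contrast only; the example never calls it. */
void err_list_append_unchecked(err_list_t *lst, const char *msg)
{
    if (lst->len == lst->cap) {
        lst->cap   *= 2;
        lst->items  = realloc(lst->items, (size_t)lst->cap * sizeof(*lst->items));
    }
    lst->items[lst->len++] = msg;
}

/* After: an uninitialized list is reported to the caller instead of crashing,
 * and allocation failure is handled rather than overwriting the list pointer. */
bool err_list_append(err_list_t *lst, const char *msg)
{
    if (lst == NULL || msg == NULL) {
        return false;
    }
    if (lst->len == lst->cap) {
        int32_t      ncap  = lst->cap * 2;
        const char **grown = realloc(lst->items, (size_t)ncap * sizeof(*grown));
        if (grown == NULL) {
            return false;
        }
        lst->items = grown;
        lst->cap   = ncap;
    }
    lst->items[lst->len++] = msg;
    return true;
}

/* The lexer-side fix: create the error list before lexing starts. */
void lex_ctx_init(lex_ctx_t *ctx, const char *src)
{
    ctx->src    = src;
    ctx->errors = err_list_new();
}

void lex_ctx_free(lex_ctx_t *ctx)
{
    err_list_free(ctx->errors);
    ctx->errors = NULL;
}

/* Toy lexer: records one error per `'` literal modifier in the source.
 * Returns the error count, or -1 if the context has no error list. */
int lex_count_errors(lex_ctx_t *ctx)
{
    if (ctx == NULL || ctx->errors == NULL) {
        return -1;               /* caller bug surfaced as a value, not a SEGV */
    }
    for (const char *p = ctx->src; *p != '\0'; p++) {
        if (*p == '\'' && !err_list_append(ctx->errors, "unexpected literal modifier")) {
            return -1;
        }
    }
    return ctx->errors->len;
}

int main(void)
{
    lex_ctx_t ctx;
    lex_ctx_init(&ctx, "x = 42'foo");   /* constructed input from the report */
    int n = lex_count_errors(&ctx);
    printf("%d error(s)\n", n);
    for (int32_t i = 0; n > 0 && i < ctx.errors->len; i++) {
        printf("  %s\n", ctx.errors->items[i]);
    }
    lex_ctx_free(&ctx);
    return 0;
}
```

The guard in `err_list_append` is cheap insurance, but the real fix is the one viega points at: the phase that produces errors must own an initialized list before it runs, so a missing `lex_ctx_init` is caught at the `-1` return rather than in the sanitizer.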