ethereum / solidity

Solidity, the Smart Contract Programming Language
https://soliditylang.org
GNU General Public License v3.0

Segmentation fault in solc in function solidity::frontend::experimental::Analysis::annotationContainer, file libsolidity/experimental/analysis/Analysis.cpp #15177

Closed djuricmilan closed 2 weeks ago

djuricmilan commented 3 weeks ago

Description

When fuzzing the 0.8.24 release of solc with AFL++, I encountered a NULL-pointer dereference in solidity::frontend::experimental::Analysis::annotationContainer.

The segfault appears to be triggered at: https://github.com/ethereum/solidity/blob/e11b9ed9f2c254bc894d844c0a64a0eb76bbb4fd/libsolidity/experimental/analysis/Analysis.cpp#L139

Environment

Steps to Reproduce

CMake flags

-DBoost_USE_STATIC_LIBS=OFF

PoC

//=4/t C {erimental solidity;
    /// @irBct C {      addres coin;
         type c= 2|4: (,8-1): Modi2;
//{
    /// @irBct C {      add2.X = 1; p2.Y 

Full backtrace

gef➤  bt
#0  solidity::frontend::experimental::Analysis::annotationContainer (this=0x55555743ac80, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:131
#1  0x0000555555ac3521 in solidity::frontend::experimental::detail::AnnotationFetcher<solidity::frontend::experimental::TypeInference>::get (this=0x7fffffffb1a8, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:108
#2  0x000055555633d064 in solidity::frontend::experimental::Analysis::annotation<solidity::frontend::experimental::TypeInference> (this=0x7ffff774c4c0, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.h:81
#3  solidity::frontend::experimental::TypeInference::annotation (_node=..., this=<optimized out>) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:1200
#4  solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0::operator()<std::shared_ptr<solidity::frontend::Expression> >(std::shared_ptr<solidity::frontend::Expression>) const (this=<optimized out>, _expr=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:580
#5  ranges::invoke_fn::operator()<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0&, std::shared_ptr<solidity::frontend::Expression> const&>(solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0&, std::shared_ptr<solidity::frontend::Expression> const&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#6  ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >) (this=<optimized out>, its=...) at /build/source/build/deps/include/range/v3/functional/indirect.hpp:55
#7  ranges::invoke_fn::operator()<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#8  ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&, true, 0>(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) & (this=<optimized out>, args=...) at /build/source/build/deps/include/range/v3/utility/semiregular_box.hpp:230
#9  ranges::invoke_fn::operator()<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#10 ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > >::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, args=...) at /build/source/build/deps/include/range/v3/functional/reference_wrapper.hpp:109
#11 ranges::invoke_fn::operator()<ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > > const&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > > const&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#12 ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false>::read(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >) const (this=<optimized out>, it=...) at /build/source/build/deps/include/range/v3/view/transform.hpp:143
#13 ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> >::read<ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false>, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >() const (this=<optimized out>) at /build/source/build/deps/include/range/v3/view/adaptor.hpp:301
#14 ranges::range_access::read<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >(ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > const&) (pos=...) at /build/source/build/deps/include/range/v3/detail/range_access.hpp:107
#15 ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >::operator*<concepts::detail::CPP_true_fn(concepts::detail::Nil)>() const (this=<optimized out>) at /build/source/build/deps/include/range/v3/iterator/basic_iterator.hpp:587
#16 0x000055555633cbf8 in std::__do_uninit_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:120
#17 std::__uninitialized_copy<false>::__uninit_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:137
#18 std::uninitialized_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:184
#19 std::__uninitialized_copy_a<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >&) (__first=..., __last=..., __result=0x55555743f690) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:372
#20 0x000055555631bb2a in std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::_M_assign_aux<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > > >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::forward_iterator_tag) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/vector.tcc:339
#21 std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::_M_assign_dispatch<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > > >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::__false_type) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_vector.h:1737
#22 std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::assign<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, void>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_vector.h:824
#23 ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >::impl<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&, std::integral_constant<bool, true>) (rng=...) at /build/source/build/deps/include/range/v3/range/conversion.hpp:330
#24 ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >::operator()<ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>, true, 0, 0>(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&) const (rng=..., this=<optimized out>) at /build/source/build/deps/include/range/v3/range/conversion.hpp:346
#25 ranges::detail::operator|<ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>, meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&, ranges::detail::to_container::closure<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > >, ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > > > (*)(ranges::detail::to_container)) (rng=...) at /build/source/build/deps/include/range/v3/range/conversion.hpp:54
#26 solidity::frontend::experimental::TypeInference::endVisit (this=0x7fffffffcfd8, _tupleExpression=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:583
#27 0x00005555563127d6 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:335
#28 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x555557436630, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#29 0x00005555563127b7 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:332
#30 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x5555574366a0, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#31 0x0000555556312bf2 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:350
#32 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x555557436710, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#33 0x0000555556328ac8 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _typeDefinition=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:796
#34 0x000055555596b8b6 in solidity::frontend::TypeDefinition::accept (this=0x555557431b50, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:1101
#35 0x0000555555963cc9 in solidity::frontend::ASTNode::listAccept<std::shared_ptr<solidity::frontend::ASTNode> > (_list=..., _visitor=...) at /build/source/libsolidity/ast/AST.h:101
#36 0x0000555555963c2e in solidity::frontend::SourceUnit::accept (this=0x555557435830, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:43
#37 0x0000555556305972 in solidity::frontend::experimental::TypeInference::analyze (this=0x7fffffffcfd8, _sourceUnit=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:127
#38 0x0000555555ac48cc in solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0::operator()<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul>) const::{lambda(auto:1&&)#2}::operator()<solidity::frontend::experimental::TypeInference>(solidity::frontend::experimental::TypeInference&&) const (_step=..., this=<optimized out>) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:176
#39 solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0::operator()<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul>) const (this=<optimized out>, _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:174
#40 std::__invoke_impl<bool, solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::__invoke_other, solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::integral_constant<unsigned long, 0ul>&&, std::integral_constant<unsigned long, 1ul>&&, std::integral_constant<unsigned long, 2ul>&&, std::integral_constant<unsigned long, 3ul>&&, std::integral_constant<unsigned long, 4ul>&&, std::integral_constant<unsigned long, 5ul>&&) (__f=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/invoke.h:61
#41 std::__invoke<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::integral_constant<unsigned long, 0ul>&&, std::integral_constant<unsigned long, 1ul>&&, std::integral_constant<unsigned long, 2ul>&&, std::integral_constant<unsigned long, 3ul>&&, std::integral_constant<unsigned long, 4ul>&&, std::integral_constant<unsigned long, 5ul>&&) (__fn=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/invoke.h:96
#42 std::__apply_impl<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) (__f=..., __t=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/tuple:1852
#43 std::apply<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> > >(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >&&) (__f=..., __t=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/tuple:1863
#44 solidity::frontend::experimental::Analysis::check (this=0x55555743ac80, _sourceUnits=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:173
#45 0x0000555555a7a460 in solidity::frontend::CompilerStack::analyzeExperimental (this=this@entry=0x55555742ebb0) at /build/source/libsolidity/interface/CompilerStack.cpp:679
#46 0x0000555555a78d92 in solidity::frontend::CompilerStack::analyze (this=this@entry=0x55555742ebb0) at /build/source/libsolidity/interface/CompilerStack.cpp:505
#47 0x0000555555a80194 in solidity::frontend::CompilerStack::parseAndAnalyze (this=0x55555742ebb0, _stopAfter=<optimized out>) at /build/source/libsolidity/interface/CompilerStack.cpp:690
#48 solidity::frontend::CompilerStack::compile (this=0x55555742ebb0, _stopAfter=<optimized out>) at /build/source/libsolidity/interface/CompilerStack.cpp:723
#49 0x000055555589aeaa in solidity::frontend::CommandLineInterface::compile (this=this@entry=0x7fffffffddf8) at /build/source/solc/CommandLineInterface.cpp:900
#50 0x0000555555893ab3 in solidity::frontend::CommandLineInterface::processInput (this=this@entry=0x7fffffffddf8) at /build/source/solc/CommandLineInterface.cpp:769
#51 0x0000555555893307 in solidity::frontend::CommandLineInterface::run (this=0x7fffffffddf8, _argc=0x2, _argv=0x7fffffffe2d8) at /build/source/solc/CommandLineInterface.cpp:682
#52 0x0000555555874643 in main (argc=0x2, argv=0x7fffffffe2d8) at /build/source/solc/main.cpp:40
gef➤  x _node
Cannot access memory at address 0x0
gef➤  c
Continuing.
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==72406==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x555555ac27a3 bp 0x555557431890 sp 0x7fffffffb040 T72406)
==72406==The signal is caused by a READ memory access.
==72406==Hint: address points to the zero page.
    #0 0x555555ac27a3  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x56e7a3)
    #1 0x555555ac3520  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x56f520)
    #2 0x55555633d063  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xde9063)
    #3 0x55555633cbf7  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xde8bf7)
    #4 0x55555631bb29  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdc7b29)
    #5 0x5555563127d5  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdbe7d5)
    #6 0x55555596acd4  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x416cd4)
    #7 0x5555563127b6  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdbe7b6)
    #8 0x55555596acd4  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x416cd4)
    #9 0x555556312bf1  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdbebf1)
    #10 0x55555596acd4  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x416cd4)
    #11 0x555556328ac7  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdd4ac7)
    #12 0x55555596b8b5  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x4178b5)
    #13 0x555555963cc8  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x40fcc8)
    #14 0x555555963c2d  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x40fc2d)
    #15 0x555556305971  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0xdb1971)
    #16 0x555555ac48cb  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x5708cb)
    #17 0x555555a7a45f  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x52645f)
    #18 0x555555a78d91  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x524d91)
    #19 0x555555a80193  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x52c193)
    #20 0x55555589aea9  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x346ea9)
    #21 0x555555893ab2  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x33fab2)
    #22 0x555555893306  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x33f306)
    #23 0x555555874642  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x320642)
    #24 0x7ffff7a16fcd  (/nix/store/p9ysh5rk109gyjj3cn6jr54znvvlahfl-glibc-2.38-66/lib/libc.so.6+0x27fcd) (BuildId: 26495ff69df462534fb238dc0fb1608f6f75576a)
    #25 0x7ffff7a17088  (/nix/store/p9ysh5rk109gyjj3cn6jr54znvvlahfl-glibc-2.38-66/lib/libc.so.6+0x28088) (BuildId: 26495ff69df462534fb238dc0fb1608f6f75576a)
    #26 0x555555843904  (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x2ef904)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x56e7a3) 
==72406==ABORTING
[Inferior 1 (process 72406) exited with code 01]

matheusaaguiar commented 3 weeks ago

Hi @djuricmilan! Thanks for the report. Could you clarify what the PoC is about? Also, could you provide the Solidity code repro that generated such a seg fault?

djuricmilan commented 3 weeks ago

Hi @matheusaaguiar,

The PoC is the Solidity code that causes the segfault when invoked with solc, version 0.8.24:

solc poc.sol

matheusaaguiar commented 2 weeks ago

@djuricmilan, sorry, but I am confused; that is far from valid Solidity code.

ekpyron commented 2 weeks ago

This is the result of fuzzing, so random (well, mutated) code that should still retain valid compiler behaviour (as in proper errors instead of crashes or segfaults). The curious thing here is that the segfault is in experimental analysis, which should only be invoked at all with pragma experimental solidity; (by the way, there are no stability guarantees for that compiler mode and it will involve a lot of invalid behaviour - that's to be expected at the current stage and we're not interested in crashes if they involve a full valid pragma experimental solidity; at this point).

But the reproduction does not involve such a pragma, so the question is why experimental analysis runs in the first place.

However, I can't reproduce the behaviour with 0.8.24 myself.

djuricmilan commented 2 weeks ago

Ok, I attached the actual PoC that caused the segfault to this comment. Apologies from my side, I was fooled by my terminal multiplexer that simply did not display all the bytes when printing the PoC... The PoC indeed starts with a valid pragma experimental solidity statement, so I assume the crash is not relevant. bug2.zip

matheusaaguiar commented 2 weeks ago

Thanks for confirming. Since this happened with experimental, we can close this issue.
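
The mix-up in this thread, a terminal hiding bytes of a fuzzer-produced input so that its leading `pragma experimental solidity;` went unnoticed, can be caught before a report is filed. The following is an added example, not code from the issue or from the Solidity project; the sample bytes are constructed, and the carriage-return overwrite is an assumed mechanism, not a statement about what bug2.zip contains.

```python
import re

# Heuristic on raw bytes, not solc's scanner: a pragma inside a comment
# or string literal would match as well.
EXPERIMENTAL_PRAGMA = re.compile(rb"pragma\s+experimental\s+solidity\s*;")


def escape_bytes(data: bytes) -> str:
    """Render every byte visibly: printable ASCII as-is, the rest as \\xNN."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in data
    )


def terminal_view(data: bytes) -> str:
    """Approximate a terminal: CR returns the cursor to column 0 so later
    characters overwrite earlier ones; other control bytes are not drawn."""
    lines = []
    for raw in data.split(b"\n"):
        cells, col = [], 0
        for b in raw:
            if b == 0x0D:
                col = 0
            elif b == 0x09 or 0x20 <= b < 0x7F:
                if col < len(cells):
                    cells[col] = chr(b)
                else:
                    cells.append(chr(b))
                col += 1
        lines.append("".join(cells))
    return "\n".join(lines)


def triage(data: bytes) -> dict:
    """Summarise a crash input before it goes into a report."""
    odd = sorted({b for b in data if b >= 0x7F or (b < 0x20 and b not in (0x09, 0x0A))})
    return {
        "experimental_pragma": bool(EXPERIMENTAL_PRAGMA.search(data)),
        "nonprintable_bytes": [f"0x{b:02x}" for b in odd],
        "display_differs": terminal_view(data) != data.decode("latin-1"),
    }


# Constructed sample (assumption), not the contents of bug2.zip.
SAMPLE = b"pragma experimental solidity;\r//=4/t C {\n    type c = 2;\n"

if __name__ == "__main__":
    print(terminal_view(SAMPLE))   # what a terminal would display
    print(escape_bytes(SAMPLE))    # what the file actually contains
    print(triage(SAMPLE))
```

Attaching the crashing file itself, or pasting the escaped form rather than terminal output, keeps the reproducer byte-exact for whoever triages the report.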