katef / kgt

BNF wrangling and railroad diagrams
BSD 2-Clause "Simplified" License

Segfault in `collapse_suffix` #61

Open aDotInTheVoid opened 2 years ago

aDotInTheVoid commented 2 years ago

With the following input:

```
binding-names = {name, ","}, name, ",", name
        ;
```

kgt segfaults when producing html5

```
$ cat demo.ebnf 
binding-names = {name, ","}, name, ",", name
        ;
$ gdb -q ./build/bin/kgt
Reading symbols from ./build/bin/kgt...
(gdb) r -l iso-ebnf -e html5 < demo.ebnf 
Starting program: /home/nixon/hare-cross/ebnf/kgt/build/bin/kgt -l iso-ebnf -e html5 < demo.ebnf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
<!DOCTYPE html>
<html>

 <head>
  <style>
      rect, line, path { stroke-width: 1.5px; stroke: black; fill: transparent; }
      rect, line, path { stroke-linecap: square; stroke-linejoin: rounded; }
      path { fill: transparent; }
      text.literal { font-family: monospace; }
      a { fill: blue; }
      a:hover rect { fill: aliceblue; }
      h2 { font-size: inherit; font-weight: inherit; }
      line.ellipsis { stroke-dasharray: 1 3.5; }
      tspan.hex { font-family: monospace; font-size: 90%; }
      path.arrow { fill: black; }
      svg { margin-left: 30px; }
  </style>
 </head>

 <body>

Program received signal SIGSEGV, Segmentation fault.
0x00005555555715d2 in collapse_suffix (changed=0x7fffffffd980, head=0x55555558dee8, loop=0x55555558deb0) at src/rrd/pretty_affix.c:101
101             list_free_upto(head, p->node);
(gdb) bt
#0  0x00005555555715d2 in collapse_suffix (changed=0x7fffffffd980, head=0x55555558dee8, loop=0x55555558deb0) at src/rrd/pretty_affix.c:101
#1  0x0000555555571a61 in rrd_pretty_affixes (changed=0x7fffffffd980, n=0x7fffffffda30) at src/rrd/pretty_affix.c:191
#2  0x0000555555572eaf in node_walk (f=0x555555571979 <rrd_pretty_affixes>, changed=0x7fffffffd980, n=0x7fffffffda30) at src/rrd/pretty.c:27
#3  0x00005555555730c5 in rrd_pretty (rrd=0x7fffffffda30) at src/rrd/pretty.c:83
#4  0x000055555557bd6a in output (grammar=0x55555558d9a0, xml=0) at src/html5/output.c:126
#5  0x000055555557bf1e in html5_output (grammar=0x55555558d9a0) at src/html5/output.c:166
#6  0x0000555555557a04 in main (argc=0, argv=0x7fffffffdd60) at src/main.c:270
(gdb) p p
$1 = (struct list *) 0x0
```

aDotInTheVoid commented 2 years ago

This leads to an assertion failure in bnf output.

```
$ gdb -q ./kgt/build/bin/kgt
Reading symbols from ./kgt/build/bin/kgt...
(gdb) r -l iso-ebnf -e bnf < aah.ebnf 
Starting program: /home/nixon/hare-cross/ebnf/kgt/build/bin/kgt -l iso-ebnf -e bnf < aah.ebnf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
kgt: src/bnf/output.c:27: output_term: Assertion `term->type != TYPE_GROUP' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350600512) at pthread_kill.c:44
44      pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350600512) at pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737350600512) at pthread_kill.c:80
#2  __GI___pthread_kill (threadid=140737350600512, signo=signo@entry=6) at pthread_kill.c:91
#3  0x00007ffff7ce5476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7ccb7b7 in __GI_abort () at abort.c:79
#5  0x00007ffff7ccb6db in __assert_fail_base (fmt=0x7ffff7e7f770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555557dd69 "term->type != TYPE_GROUP", 
    file=0x55555557dd58 "src/bnf/output.c", line=27, function=<optimized out>) at assert.c:92
#6  0x00007ffff7cdce26 in __GI___assert_fail (assertion=0x55555557dd69 "term->type != TYPE_GROUP", file=0x55555557dd58 "src/bnf/output.c", line=27, 
    function=0x55555557de10 <__PRETTY_FUNCTION__.1> "output_term") at assert.c:101
#7  0x000055555555b481 in output_term (term=0x55555558d7e0) at src/bnf/output.c:27
#8  0x000055555555b6e4 in output_alt (alt=0x55555558d980) at src/bnf/output.c:79
#9  0x000055555555b75b in output_rule (rule=0x55555558d9a0) at src/bnf/output.c:96
#10 0x000055555555b7d1 in bnf_output (grammar=0x55555558d9a0) at src/bnf/output.c:115
#11 0x0000555555557a04 in main (argc=0, argv=0x7fffffffdd70) at src/main.c:270
(gdb) f 7
#7  0x000055555555b481 in output_term (term=0x55555558d7e0) at src/bnf/output.c:27
27              assert(term->type != TYPE_GROUP);
(gdb) p term
$1 = (const struct ast_term *) 0x55555558d7e0
(gdb) p *term
$2 = {type = TYPE_GROUP, u = {rule = 0x55555558d7c0, literal = {p = 0x55555558d7c0 " \327XUUU", n = 0}, token = 0x55555558d7c0 " \327XUUU", prose = 0x55555558d7c0 " \327XUUU", 
    group = 0x55555558d7c0}, min = 0, max = 0, invisible = 0, next = 0x55555558d860}
```

katef commented 2 years ago

oh boy. thank you!