stcorp / harp

Data harmonization toolset for scientific earth observation data
http://stcorp.github.io/harp/doc/html/index.html
BSD 3-Clause "New" or "Revised" License

harp_program_from_string_fuzzer: SEGV in derive_variable_delete #224

Closed schwehr closed 4 years ago

schwehr commented 4 years ago
==326199==ERROR: AddressSanitizer: SEGV on unknown address 0xfffffffffffffff3 (pc 0x564670638328 bp 0x7ffe05f8ee00 sp 0x7ffe05f8edd0 T0)
==326199==The signal is caused by a WRITE memory access.
    #4 0x564670937e47 in derive_variable_delete third_party/stcorp_harp/libharp/harp-operation.c:771:13
    #5 0x5646709371f9 in harp_operation_delete third_party/stcorp_harp/libharp/harp-operation.c:1310:13
    #6 0x56467098889f in harp_program_delete third_party/stcorp_harp/libharp/harp-program.c:85:17
    #7 0x564670971c6c in harp_program_from_string libharp/harp-operation-parser.y:1706:13
    #8 0x5646706cc0d0 in LLVMFuzzerTestOneInput third_party/stcorp_harp/fuzz/harp_program_from_string_fuzzer.cc:19:7

With:

derive(numy {time,time,time,time,time,time,time,time,vertical})[me,vertvertical})[me,vertical})[mol

crash-c58eef8a86d893f922b27947fa29239b53bd39b7.zip

svniemeijer commented 4 years ago

Nice catch. Fixed in 683dbd13db6f732c824684175109515bad2943d5