
Commit 142f6b5

committed
Added another crash, found by afl_cppcheck.
1 parent 0aec800 commit 142f6b5


2 files changed

+80
-0
lines changed


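--- a/crash461.c
+++ b/crash461.c
@@ -0,0 +1 @@
+{(()[((0||0xf||))]0[])}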
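--- a/crash461_bt.txt
+++ b/crash461_bt.txt
@@ -0,0 +1,79 @@
+backtrace:
+#0 0x000055555569cb80 in Tokenizer::isFunctionHead(Token const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) ()
+No symbol table info available.
+#1 0x00005555556a049b in Tokenizer::startOfExecutableScope(Token const*) ()
+No symbol table info available.
+#2 0x00005555556c6c3f in Tokenizer::simplifyKnownVariables() ()
+No symbol table info available.
+#3 0x00005555556cb123 in Tokenizer::simplifyTokenList2() ()
+No symbol table info available.
+#4 0x00005555556510bf in CppCheck::processFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ()
+No symbol table info available.
+#5 0x000055555565270a in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
+No symbol table info available.
+#6 0x00005555556ebfcc in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ()
+No symbol table info available.
+#7 0x00005555556ec7c2 in CppCheckExecutor::check(int, char const* const*) ()
+No symbol table info available.
+#8 0x00005555555b4a9a in main ()
+No symbol table info available.
+
+
+registers:
+rax 0x0 0
+rbx 0x555555989220 93824996643360
+rcx 0x555555989238 93824996643384
+rdx 0x55555570e994 93824994044308
+rsi 0x7fffffffbc5b 140737488338011
+rdi 0x555555989228 93824996643368
+rbp 0x7fffffffbcf0 0x7fffffffbcf0
+rsp 0x7fffffffbca0 0x7fffffffbca0
+r8 0x1 1
+r9 0x555555989ec0 93824996646592
+r10 0xffffffffffffff90 -112
+r11 0x7ffff7b62080 140737349296256
+r12 0x555555989228 93824996643368
+r13 0x55555570e994 93824994044308
+r14 0x5555557018af 93824993990831
+r15 0x1 1
+rip 0x55555569cb80 0x55555569cb80 <Tokenizer::isFunctionHead(Token const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool)+352>
+eflags 0x10202 [ IF RF ]
+cs 0x33 51
+ss 0x2b 43
+ds 0x0 0
+es 0x0 0
+fs 0x0 0
+gs 0x0 0
+
+
+current instructions:
+=> 0x55555569cb80 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+352>: mov 0x28(%rax),%rbx
+0x55555569cb84 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+356>: jmp 0x55555569cb57 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+311>
+0x55555569cb86 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+358>: test %r15b,%r15b
+0x55555569cb89 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+361>: jne 0x55555569cb92 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+370>
+0x55555569cb8b <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+363>: xor %ebx,%ebx
+0x55555569cb8d <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+365>: jmpq 0x55555569cf65 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+1349>
+0x55555569cb92 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+370>: lea 0x64d16(%rip),%r14 # 0x5555557018af
+0x55555569cb99 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+377>: lea 0x8(%r13),%rdi
+0x55555569cb9d <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+381>: mov %rbp,%rsi
+0x55555569cba0 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+384>: mov %r14,0x50(%rsp)
+0x55555569cba5 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+389>: callq 0x5555555b651b <_ZN13MatchCompilereqILj2EEEbRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKNS_11ConstStringIXT_EEE>
+0x55555569cbaa <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+394>: test %al,%al
+0x55555569cbac <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+396>: je 0x55555569cb8b <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+363>
+0x55555569cbae <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+398>: mov 0x28(%r13),%rbx
+0x55555569cbb2 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+402>: lea 0x743b5(%rip),%r15 # 0x555555710f6e
+0x55555569cbb9 <_ZN9Tokenizer14isFunctionHeadEPK5TokenRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb+409>: test %rbx,%rbx
+
+
+threads backtrace:
+
+Thread 1 (Thread 0x7ffff7fc6740 (LWP 76345)):
+#0 0x000055555569cb80 in Tokenizer::isFunctionHead(Token const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) ()
+#1 0x00005555556a049b in Tokenizer::startOfExecutableScope(Token const*) ()
+#2 0x00005555556c6c3f in Tokenizer::simplifyKnownVariables() ()
+#3 0x00005555556cb123 in Tokenizer::simplifyTokenList2() ()
+#4 0x00005555556510bf in CppCheck::processFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ()
+#5 0x000055555565270a in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
+#6 0x00005555556ebfcc in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ()
+#7 0x00005555556ec7c2 in CppCheckExecutor::check(int, char const* const*) ()
+#8 0x00005555555b4a9a in main ()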
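Review bot: The backtrace comes from a binary without debug info (every frame reports `No symbol table info available.`), so the fault is only localised to `Tokenizer::isFunctionHead+352` rather than a source line; regenerating it from a `-g` build, ideally with `-fsanitize=address`, would make the report directly actionable. The register dump does already tell the story: the faulting instruction is `mov 0x28(%rax),%rbx` with `rax 0x0`, i.e. a read through a null pointer at offset 0x28, and that one-line summary is worth putting at the top of the file so a triager does not have to reconstruct it from the disassembly. The file also records neither the cppcheck commit the binary was built from nor the command line used to trigger the crash, both of which are needed to reproduce; a header line such as `cppcheck <built-from commit> <options used> crash461.c` would cover that. With `No symbol table info available.` appearing on every frame, the second `threads backtrace:` section adds nothing the first does not and could be dropped to keep the report short.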
