Hi there,
Our fuzzer found a NULL-pointer dereference issue in quotearg_buffer_restyled in lib/quotearg.c in Bison 3.3, the recent release version. A crafted input file can cause segmentation faults, and I have confirmed them with AddressSanitizer too. Please use "./yacc $POC" to reproduce the bug.

ASAN:DEADLYSIGNAL
=================================================================
==8859==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005ed49c bp 0x000000000000 sp 0x7ffd21c69580 T0)
==8859==The signal is caused by a READ memory access.
==8859==Hint: address points to the zero page.
    #0 0x5ed49b in quotearg_buffer_restyled lib/quotearg.c:400
    #1 0x5f4ca8 in quotearg_n_options lib/quotearg.c:907
    #2 0x5f4ca8 in quotearg_n_style lib/quotearg.c:958
    #3 0x4722af in location_print src/location.c:105
    #4 0x42df67 in error_message src/complain.c:269
    #5 0x42df67 in complains src/complain.c:326
    #6 0x42df67 in complain_indent src/complain.c:349
    #7 0x542c93 in complain_class_redeclared src/symtab.c:311
    #8 0x542c93 in symbol_class_set src/symtab.c:448
    #9 0x4b25f1 in gram_parse src/parse-gram.y:525
    #10 0x4dc854 in reader src/reader.c:729
    #11 0x406f03 in main src/main.c:103
    #12 0x7f31f694782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x40ab58 in _start (/home/wencheng/FuzzingObject/bison-3.3/build/bin/bison+0x40ab58)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV lib/quotearg.c:400 in quotearg_buffer_restyled
==8859==ABORTING
<<attachment: POC.zip>>