Segmentation fault in solc in function solidity::frontend::experimental::Analysis::annotationContainer, file libsolidity/experimental/analysis/Analysis.cpp #15177
Comments
Hi @djuricmilan! Thanks for the report.
Hi @matheusaaguiar, the PoC is the Solidity code that causes the segfault when invoked with solc, version 0.8.24:
@djuricmilan, sorry, but I am confused; that is far from valid Solidity code.
This is the result of fuzzing, so random (well, mutated) code that should still retain valid compiler behaviour (as in proper errors instead of crashes or segfaults). But the reproduction does not involve such a pragma, so the question is why experimental analysis runs in the first place. However, I can't reproduce the behaviour with 0.8.24 myself.
Ok, I attached the actual PoC that caused the segfault to this comment. Apologies from my side; I was fooled by my terminal multiplexer, which simply did not display all the bytes when printing the PoC. The PoC indeed starts with a valid
Thanks for confirming. Since this happened with experimental, we can close this issue.
Description
When fuzzing the 0.8.24 release of solc with AFL++, I encountered a NULL-pointer dereference in solidity::frontend::experimental::Analysis::annotationContainer.
The segfault appears to be triggered at solidity/libsolidity/experimental/analysis/Analysis.cpp, line 139 (commit e11b9ed).
Environment
Steps to Reproduce
CMake flags
-DBoost_USE_STATIC_LIBS=OFF
PoC
Full backtrace
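The distinction the maintainers draw above, a proper diagnostic versus a crash, is what a crash-triage pass over fuzzer output has to check before anything is reported. The script below is an added example and is not code from the solidity project or from this report: it classifies how a command exits on each input (a clean exit, a normal non-zero exit such as a compiler error, or death by signal, where 139 = 128 + SIGSEGV is what a NULL-pointer dereference looks like to the calling shell). The cmd argument is assumed to be a solc binary or a wrapper around one; the fake_solc function and the scratch corpus are constructed stand-ins so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the solidity project or from this report: a small
# triage helper for fuzzer findings. It runs a command on one input and sorts the
# outcome into "ok", "error" (normal non-zero exit, i.e. a proper diagnostic) or
# "crash:<signal>" (death by signal; 128 + 11 = 139 is SIGSEGV as seen by a
# POSIX shell, which is what a NULL-pointer dereference produces).
# The cmd argument is assumed to be a solc binary or a wrapper around one; the
# fake_solc function below is a constructed stand-in so the script runs offline.

# classify <cmd> <input-file>  ->  prints one of: ok | error | crash:<signo>
classify() {
    cmd=$1
    input=$2
    # Run the command inside 'if' so a non-zero exit does not trip 'set -e'.
    # $cmd is deliberately unquoted so it may carry extra arguments.
    if $cmd "$input" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        # POSIX shells report death by signal as 128 + signal number.
        echo "crash:$((status - 128))"
    else
        echo error
    fi
}

# triage_dir <cmd> <dir>  ->  one "<class><TAB><file>" line per regular file
triage_dir() {
    cmd=$1
    dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(classify "$cmd" "$f")" "$f"
    done
}

# count_crashes <cmd> <dir>  ->  number of inputs that killed the command by signal
count_crashes() {
    triage_dir "$1" "$2" | grep -c '^crash:' || true
}

# Constructed stand-in for the compiler under test (not solc): it segfaults
# itself on any input containing the marker CRASH and otherwise exits 1, the
# way a compiler does when it rejects the input with a proper error.
fake_solc() {
    if grep -q 'CRASH' "$1"; then
        sh -c 'ulimit -c 0 2>/dev/null; kill -s SEGV $$'
    else
        sh -c 'echo "Error: constructed diagnostic" >&2; exit 1'
    fi
}

# make_corpus  ->  path of a scratch directory holding three constructed inputs
make_corpus() {
    corpus_dir=$(mktemp -d)
    printf 'contract A {}\n' > "$corpus_dir/clean.sol"
    printf 'CRASH\n'         > "$corpus_dir/poc1.sol"
    printf 'CRASH again\n'   > "$corpus_dir/poc2.sol"
    echo "$corpus_dir"
}

corpus=$(make_corpus)
triage_dir fake_solc "$corpus"
echo "crashing inputs: $(count_crashes fake_solc "$corpus")"
rm -rf "$corpus"
```

To use it against a real build, replace fake_solc with the path to the solc binary (or a wrapper script that adds the flags you fuzz with) and point triage_dir at the fuzzer's crash directory; only inputs classified as crash:N are compiler bugs worth reporting, since an error exit is the behaviour the maintainers expect for malformed input.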