Hello. It's me again after ~1358 million executions :)
=================================================================
==23529==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62500000e900 at pc 0x55e70e224897 bp 0x7ffdac69ab70 sp 0x7ffdac69ab68
READ of size 1 at 0x62500000e900 thread T0
#0 0x55e70e224896 in re2c::Scanner::lex_conf_number() src/ast/lex_conf.cc:4019
#1 0x55e70e235e9e in re2c::Scanner::lex_conf_bool() ../src/ast/lex_conf.re:251
#2 0x55e70e235e9e in re2c::Scanner::lex_conf(re2c::Opt&) ../src/ast/lex_conf.re:148
#3 0x55e70e211424 in yyparse(re2c::context_t&) src/ast/parser.ypp:74
#4 0x55e70e2154d3 in re2c::parse(re2c::Scanner&, std::vector<re2c::spec_t, std::allocator<re2c::spec_t> >&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, re2c::AST const*, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, re2c::AST const*> > >&, re2c::Opt&) src/ast/parser.ypp:257
#5 0x55e70e135666 in re2c::compile(re2c::Scanner&, re2c::Output&, re2c::Opt&) src/compile.cc:159
#6 0x55e70df2ba15 in main src/main.cc:31
#7 0x7f417966f2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#8 0x55e70df2caa9 in _start (/home/afl/builds/re2c/15c5c7b41fe7198c03bc32e5968a652d336f76bc/bin/re2c+0x1eaa9)
0x62500000e900 is located 0 bytes to the right of 8192-byte region [0x62500000c900,0x62500000e900)
allocated by thread T0 here:
#0 0x7f417a34dd70 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d70)
#1 0x55e70e1cfc6b in re2c::Scanner::fill(unsigned int) src/ast/scanner.cc:47
#2 0x55e70e1eea6b in re2c::Scanner::echo(re2c::Output&) src/ast/lex.cc:89
#3 0x55e70e1354ba in re2c::compile(re2c::Scanner&, re2c::Output&, re2c::Opt&) src/compile.cc:144
#4 0x55e70df2ba15 in main src/main.cc:31
#5 0x7f417966f2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
SUMMARY: AddressSanitizer: heap-buffer-overflow src/ast/lex_conf.cc:4019 in re2c::Scanner::lex_conf_number()
Shadow bytes around the buggy address:
0x0c4a7fff9cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff9ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff9cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff9d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a7fff9d20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff9d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff9d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a7fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==23529==ABORTING
Hello. It's me again after ~1358 million executions :)
Tested commit: 15c5c7b
Tools: american fuzzy lop 2.52b, afl-utils
re2c-2018-11-29.txt