Getting SEGV

[masatake]

I'm debugging universal-ctags/ctags#3509.
During debugging, I found an input that triggered SEGV.

I tried finding minimal input to reproduce it.

[yamato@dev64]~/var/ctags-github% ../pegof/build/pegof --version
Pegof version: 0.5.0
PackCC version: v2.0.2-1-g0aa9a758
[yamato@dev64]~/var/ctags-github% (cd ../pegof; git log --oneline HEAD~..HEAD)                      
ab8cafd (HEAD -> master, tag: 0.5.0, upstream/master) make TempDir platform independent
[yamato@dev64]~/var/ctags-github% cat peg/toml.peg                                                  
f <- d / d / 'x' d
d <- [\u0032-\u0033]
[yamato@dev64]~/var/ctags-github% ../pegof/build/pegof_test -O all -o /tmp/toml.pego -i peg/toml.peg
/home/yamato/var/pegof/src/optimizer.cc:267:40: runtime error: member access within null pointer of type 'struct Sequence'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1381895==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000703dee bp 0x7ffe98805c30 sp 0x7ffe98805740 T0)
==1381895==The signal is caused by a READ memory access.
==1381895==Hint: address points to the zero page.
    #0 0x703dee in operator() /home/yamato/var/pegof/src/optimizer.cc:267
    #1 0x72bfc9 in __invoke_impl<bool, Optimizer::remove_unnecessary_groups()::<lambda(Node&, int&)>&, Node&, int&> /usr/include/c++/14/bits/invoke.h:61
    #2 0x7256d7 in __invoke_r<bool, Optimizer::remove_unnecessary_groups()::<lambda(Node&, int&)>&, Node&, int&> /usr/include/c++/14/bits/invoke.h:114
    #3 0x71f001 in _M_invoke /usr/include/c++/14/bits/std_function.h:290
    #4 0x73b8c0 in std::function<bool (Node&, int&)>::operator()(Node&, int&) const /usr/include/c++/14/bits/std_function.h:591
    #5 0x6f2a82 in operator() /home/yamato/var/pegof/src/optimizer.cc:25
    #6 0x72a2c0 in __invoke_impl<bool, Optimizer::apply(const Optimization&, const std::function<bool(Node&, int&)>&)::<lambda(Node&)>&, Node&> /usr/include/c++/14/bits/invoke.h:61
    #7 0x7224fe in __invoke_r<bool, Optimizer::apply(const Optimization&, const std::function<bool(Node&, int&)>&)::<lambda(Node&)>&, Node&> /usr/include/c++/14/bits/invoke.h:114
    #8 0x71ccdb in _M_invoke /usr/include/c++/14/bits/std_function.h:290
    #9 0x606e3b in std::function<bool (Node&)>::operator()(Node&) const /usr/include/c++/14/bits/std_function.h:591
    #10 0x600f81 in Node::map(std::function<bool (Node&)> const&) /home/yamato/var/pegof/src/ast/node.cc:77
    #11 0x601301 in Node::map(std::function<bool (Node&)> const&) /home/yamato/var/pegof/src/ast/node.cc:80
    #12 0x601301 in Node::map(std::function<bool (Node&)> const&) /home/yamato/var/pegof/src/ast/node.cc:80
    #13 0x601301 in Node::map(std::function<bool (Node&)> const&) /home/yamato/var/pegof/src/ast/node.cc:80
    #14 0x601301 in Node::map(std::function<bool (Node&)> const&) /home/yamato/var/pegof/src/ast/node.cc:80
    #15 0x6f3018 in Optimizer::apply(Optimization const&, std::function<bool (Node&, int&)> const&) /home/yamato/var/pegof/src/optimizer.cc:24
    #16 0x705aa2 in Optimizer::remove_unnecessary_groups() /home/yamato/var/pegof/src/optimizer.cc:239
    #17 0x716825 in Optimizer::optimize() /home/yamato/var/pegof/src/optimizer.cc:498
    #18 0x6ed9ef in process(Config::OutputType const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Checker const&) /home/yamato/var/pegof/src/main.cc:40
    #19 0x6efe97 in main /home/yamato/var/pegof/src/main.cc:87
    #20 0x7f1dd3a39087 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #21 0x7f1dd3a3914a in __libc_start_main_impl ../csu/libc-start.c:360
    #22 0x409fb4 in _start (/home/yamato/var/pegof/build/pegof_test+0x409fb4) (BuildId: 8d013cb57de4158165db7798385e2651716bec6a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/yamato/var/pegof/src/optimizer.cc:267 in operator()
==1381895==ABORTING

[dolik-rce]

Thanks for the report @masatake. This is a serious bug somewhere in the optimizer code.

[dolik-rce]

@masatake This problem should be fixed in the devel branch. Can you please check that it fixes also your original problem in the TOML parser?

[masatake]

I verified the bug is fixed. Thank you. However, I have another one. I will open a new issue after making the input for reproducing smaller.