SEGV in fy_parser_destroy #124

Closed
agreppin opened this issue Aug 25, 2024 · 1 comment

@agreppin

A segmentation fault occurs in fy_parser_destroy

libfyaml version

  • master branch commit 592ccc1
  • Ubuntu libfyaml-dev 0.8-1build1 idem

#include <libfyaml.h>

static const char ydoc[] = "SEGV:";

int main()
{
  struct fy_emitter_cfg ecfg = {0};
  struct fy_parse_cfg pcfg = {0};
  struct fy_emitter *fyem = fy_emitter_create(&ecfg);
  struct fy_parser *fyp = fy_parser_create(&pcfg);
  int rc = fy_parser_set_string(fyp, ydoc, sizeof(ydoc) - 1);
  struct fy_event *fyev, *fyev1 = NULL;
  while ((fyev = fy_parser_parse(fyp)) != NULL) {
    switch (fyev->type) {
    case FYET_SCALAR:
      fyev1 = fyev;
      break;
    default:
      fy_parser_event_free(fyp, fyev);
      break;
    }
  }
  rc = fy_emit_event_from_parser(fyem, fyp, fyev1);
  fy_parser_event_free(fyp, fyev1);
  fy_emitter_destroy(fyem);
  fy_parser_destroy(fyp);
  return -rc;
}

Output

[ERR]: fy_emit_handle_stream_start: expected FYET_STREAM_START
AddressSanitizer:DEADLYSIGNAL
=================================================================
==112817==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000033 (pc 0x643006787d31 bp 0x7fff93494fc0 sp 0x7fff93494fc0 T0)
==112817==The signal is caused by a WRITE memory access.
==112817==Hint: address points to the zero page.
    #0 0x643006787d31 in __list_del /home/agreppin/src/libfyaml/src/util/fy-list.h:108
    #1 0x643006787d68 in list_del /home/agreppin/src/libfyaml/src/util/fy-list.h:120
    #2 0x6430067896fa in fy_eventp_list_del /home/agreppin/src/libfyaml/src/lib/fy-event.h:28
    #3 0x6430067897b4 in fy_eventp_list_pop /home/agreppin/src/libfyaml/src/lib/fy-event.h:28
    #4 0x64300678c917 in fy_parse_cleanup /home/agreppin/src/libfyaml/src/lib/fy-parse.c:898
    #5 0x6430067a380a in fy_parser_destroy /home/agreppin/src/libfyaml/src/lib/fy-parse.c:6711
    #6 0x643006775bd6 in main /home/agreppin/src/ancible/segv.c:26
    #7 0x789e5182a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #8 0x789e5182a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #9 0x643006775844 in _start (/home/agreppin/src/ancible/segv+0x4844) (BuildId: c0148d6526149187fb80529016fd75894c3be3b4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/agreppin/src/libfyaml/src/util/fy-list.h:108 in __list_del
==112817==ABORTING

Test Environment

Ubuntu 24.04, amd64

@pantoniou
Owner

This is bogus, you can't expect to keep pointers to events outside of the normal event processing loop and expect them to work after parsing is complete.

You can't keep pointers around and expect things to work.

You might be able to make this work if you create a copy of the contents of the original event by using fy_event_create() call to create a scalar.

Note that the pointer to fy_event_create() for a scalar is a const char * with the lifecycle expecting to survive the end of parsing; i.e. malloc data.

@pantoniou closed this as not planned Sep 30, 2024
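
A variation on the maintainer's suggestion to copy the event's contents, as an added example that is not part of the original issue or of libfyaml: the scalar's text is duplicated with fy_token_get_text() while the event is still live, every event is freed inside the loop, and only the heap copy outlives the parser. The helper names dup_text and last_scalar_copy are hypothetical, and the libfyaml part is compiled only where its header is installed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: NUL-terminated heap copy of len bytes owned elsewhere. */
static char *dup_text(const char *text, size_t len)
{
  char *copy;

  if (text == NULL)
    return NULL;
  copy = malloc(len + 1);
  if (copy == NULL)
    return NULL;
  memcpy(copy, text, len);
  copy[len] = '\0';
  return copy;
}

#if defined(__has_include)
#if __has_include(<libfyaml.h>)
#include <libfyaml.h>

/* Hypothetical helper: heap copy of the last scalar in yaml, or NULL.
 * No fy_event pointer leaves the loop; the caller free()s the result. */
static char *last_scalar_copy(const char *yaml, size_t len)
{
  struct fy_parse_cfg pcfg = {0};
  struct fy_parser *fyp = fy_parser_create(&pcfg);
  struct fy_event *fyev;
  char *copy = NULL;

  if (fyp == NULL)
    return NULL;
  if (fy_parser_set_string(fyp, yaml, len) == 0) {
    while ((fyev = fy_parser_parse(fyp)) != NULL) {
      if (fyev->type == FYET_SCALAR) {
        size_t tlen = 0;
        const char *text = fy_token_get_text(fyev->scalar.value, &tlen);
        free(copy);                 /* keep only the most recent scalar */
        copy = dup_text(text, tlen);
      }
      fy_parser_event_free(fyp, fyev); /* always released in the loop */
    }
  }
  fy_parser_destroy(fyp);            /* the copy stays valid after this */
  return copy;
}
#endif
#endif
```
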