
[BUG] ASAN diagnostic found by fuzzing #1163


Closed
MarekKnapek opened this issue Jul 15, 2024 · 5 comments

Labels
bug Something isn't working

Comments

@MarekKnapek

  • heap-buffer-overflow
  • SEGV on unknown address 0x000000000028

Found by fuzzing: #1131

I'm not sure you would like more such bug reports. Should I continue fuzzing your project?

cppfront-fuzz.zip

@MarekKnapek MarekKnapek added the bug Something isn't working label Jul 15, 2024
@gregmarr
Contributor

gregmarr commented Jul 15, 2024

I'm not sure what Herb would prefer, but since he's fixed all the ones you've found so far, I'd say it's helpful.

I don't know what the best format for the report is. Maybe posting just the input file in a code block, whether it requires ASAN or not, and a call stack if you have it. If you have multiple crashes and you have call stacks, maybe only one issue per unique call stack, with any inputs that gave that same stack.

I ran test1 and test2 on Compiler Explorer, and they both produce compiler output rather than a SEGV. Do they require ASAN too?

@hsutter
Owner

hsutter commented Jul 15, 2024

Should I continue fuzzing your project?

Yes please! I am also interested in your suggestions in #1131, I just don't have the expertise to set it up or the cycles to learn it right now, so I would love something like a PR.

What helps me most though is to post each source file that causes a violation, and as information specific as possible on where the violation occurred... ideally the expression that caused the problem, but even just the file and line is helpful (knowing the file and line was what helped me fix the last one a few days ago).

@hsutter
Owner

hsutter commented Jul 15, 2024

Update: Actually I've now configured ASAN myself and so I can repro the ASAN reports myself.

All I need is an issue for each source (or group of sources) that causes an ASAN violation, and I can try to repro it myself.

For this issue, that would look something like this (the ASAN one-line basic description is optional but is a nice indicator):

Case 1

Test file:

z:"S:@\\\\\operator\

ASAN reports: container-overflow

Case 2

Test file:

S:tE<g*(r:.Rny/u"vercS:@\\\\\

ASAN reports: heap-buffer-overflow

Case 3

Test file:

bs0rH: =n0rH>:H* =n0rH>

ASAN reports: access-violation

Case 4

Test file:

pP:*E<:EEE*n$

ASAN reports: access-violation

Case 5

Test file:

pP:*E<:EEg*n$

ASAN reports: access-violation

@MarekKnapek
Author

don't have the expertise to set it up or the cycles to learn it right now

Step 1. Find a spare computer that could be left running 24/7.
Step 2. Download my branch.
Step 3. Run bash script from my branch.
Repeat steps 1-3 for as many CPUs as you have on your computer or for as many computers as you have.
Step 4. Come approximately once per day and check for crashes (ASAN detections).

Step 1 is the most difficult for me. And for a potential PR. I don't think GitHub Actions would let me run arbitrary code 24/7. That would be similar to crypto mining.
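The "check for crashes (ASAN detections)" step above is the part that benefits most from a little automation, since the maintainer asked for one issue per source (or group of sources) with the ASAN one-line description. The script below is an added example and is not part of cppfront or of the reporter's fuzzing branch: it assumes only that `$1` is an ASAN-instrumented binary that takes one input file and `$2` is a directory of fuzzer-found inputs. It runs each input, extracts the one-line bug class from ASAN's stderr (the same form as "heap-buffer-overflow" or "SEGV on unknown address 0x000000000028" in this issue) and sorts the inputs by that class, so inputs sharing a diagnostic land together and map naturally onto one report each.

```shell
#!/usr/bin/env bash
# Added example for triaging fuzzer-found inputs under ASAN. Not part of
# cppfront or of the reporter's fuzzing branch; it assumes only that $1 is an
# ASAN-instrumented binary taking one input file and $2 is a directory of inputs.
set -u

# asan_summary: read sanitizer output on stdin, print the one-line bug class in
# the style used in this issue ("heap-buffer-overflow",
# "SEGV on unknown address 0x000000000028"), or "no-report" if ASAN did not fire.
asan_summary() {
    local desc
    # ASAN's first report line is "==<pid>==ERROR: AddressSanitizer: <class> ...";
    # drop the address/pc details that follow the class.
    desc=$(sed -n 's/^==[0-9]*==ERROR: AddressSanitizer: //p' | head -n 1 |
           sed -e 's/ on address .*//' -e 's/ (pc .*//')
    if [ -z "$desc" ]; then
        printf 'no-report\n'
    else
        printf '%s\n' "$desc"
    fi
}

# run_case: run the target on one input, capturing only stderr (where ASAN
# writes), and print "<summary><TAB><file>". A hang is as interesting as a
# crash during triage, so timeout(1) is used when available (exit 124 marks
# a hang). The target's own exit status is ignored: ASAN exits non-zero on a report.
run_case() {
    local target=$1 input=$2 out summary status=0
    if command -v timeout >/dev/null 2>&1; then
        out=$(ASAN_OPTIONS=detect_container_overflow=1 timeout 30 "$target" "$input" 2>&1 >/dev/null) || status=$?
    else
        out=$(ASAN_OPTIONS=detect_container_overflow=1 "$target" "$input" 2>&1 >/dev/null) || status=$?
    fi
    if [ "$status" -eq 124 ]; then
        summary=timeout
    else
        summary=$(printf '%s\n' "$out" | asan_summary)
    fi
    printf '%s\t%s\n' "$summary" "$input"
}

# triage_corpus: run every file in the corpus and sort by summary so inputs
# sharing a diagnostic sit together, one candidate issue per distinct line.
# LC_ALL=C keeps the ordering byte-wise and therefore stable across machines.
triage_corpus() {
    local target=$1 corpus=$2 f
    for f in "$corpus"/*; do
        [ -f "$f" ] || continue
        run_case "$target" "$f"
    done | LC_ALL=C sort
}

# Usage (paths are placeholders): triage_corpus ./cppfront-asan ./crashes
```

Grouping by the one-line class is a coarse first cut; two inputs with the same class can still be different bugs, which is why the suggestion earlier in the thread to split issues by unique call stack is the finer criterion once stacks are available.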

@hsutter
Owner

hsutter commented Jul 16, 2024

Thanks! I've closed this as I've fixed these bugs, and will leave #1131... I might be able to find a spare computer here...
