Poc file:
https://drive.google.com/file/d/1S5Is16E6iXfYKSdN_Ly4KC8xlkaG4Zp0/view?usp=drive_link
---------- Forwarded message ---------
From: kittener White <[email protected]>
Date: Thu, Dec 25, 2025, 16:45
Subject: Bison 3.8: abort "Cannot find shortest path to conflict state" on crafted grammar (core dump)
To: <[email protected]>


This seems to be triggered during conflict handling/reporting, and Bison
should not core dump on malformed/untrusted input.

Reproduce:
# export CFLAGS="-g -O0 -fsanitize=address"
# ./configure
# make -j

# src/bison -L c -r all -g -x --html -t --locations -k -d -v Poc

Description:

afl++/out/flag_1/default/crashes/id:000001: warning: 2 shift/reduce conflicts [-Wconflicts-sr]
afl++/out/flag_1/default/crashes/id:000001: warning: 27 reduce/reduce conflicts [-Wconflicts-rr]
afl++/out/flag_1/default/crashes/id:000001: note: rerun with option '-Wcounterexamples' to generate conflict counterexamples
afl++/out/flag_1/default/crashes/id:000001:1:1.36-55: warning: rule useless in parser due to conflicts [-Wother]
    1 | %%I:|"""""""%%I:|""""""""""I|I"""I|""""""""""""""""""""|""I"I|"""I|""""I|"""""""""""""""""""""""""""""""""""""""""""""""""%%...
     |                                    ^~~~~~~~~~~~~~~~~~~~
afl++/out/flag_1/default/crashes/id:000001:1.74-144: warning: rule useless in parser due to conflicts [-Wother]
    1 | %%I:|"""""""%%I:|""""""""""I|I"""I|""""""""""""""""""""|""I"I|"""I|""""I|"""""""""""""""""""""""""""""""""""""""""""""""""%%...
     |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
afl++/out/flag_1/default/crashes/id:000001:1.146-178: warning: rule useless in parser due to conflicts [-Wother]
    1 | ..."I|I"""I|""""""""""""""""""""""""""""""""I|"%%"
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cannot find shortest path to conflict state.Aborted (core dumped)


Credit:

Kaiyu Xie(UCAS)
