buzz-lang / Buzz

A programming language designed for robot swarms.


buzzvm_step in buzzvm.c segmentation fault when arg is NULL

rwhitworth opened this issue

buzzvm.zip

This input to buzzrun causes a segmentation fault in buzzvm.c

valgrind shows:

==7166== Invalid read of size 8
==7166==    at 0x42C92D: buzzvm_lload (buzzvm.c:1267)
==7166==    by 0x42C92D: buzzvm_step (buzzvm.c:798)
==7166==    by 0x4024A3: main (buzzrun.c:97)
==7166==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Which is from here:

      case BUZZVM_INSTR_LLOAD: {
         inc_pc();
         get_arg(uint32_t);
         buzzvm_lload(vm, arg);
         break;
      }

Adding a check for arg being null removes the segmentation fault.

Any advice on how to resolve?

This should be already solved by a commit I made yesterday.

Are you using the latest version?

Also, what's the original program that produced that output? You can't just give bzzrun any input...

More precisely: the instruction lload is expected to have an integer argument. If the argument is missing (or it's not an integer), it's because of a compiler bug (bzzparse or bzzasm) rather than a bug in the Buzz virtual machine.

I pulled the latest source and as far as I know the behavior is the same. I ran with the input in buzzvm.zip (unzipped) like so: ./buzzrun buzzvm.out /tmp/1, where /tmp/1 is a non-existent file.

Where does buzzvm.out come from? Was it generated from a source file? The BuzzVM is not designed to run any input that is thrown at it. It has to be well-formed.

It came from a fuzzer, not from a source file. Is increasing the ability to handle ill-formed inputs desired for BuzzVM?

Adding tons of checks would make the BuzzVM very slow and much more complex, so I'd stay away from that.
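The crash in this thread is at the operand fetch for lload (get_arg in buzzvm_step) and the subsequent invalid read at address 0x0 inside buzzvm_lload, and the maintainer's position is that the VM assumes well-formed bytecode from bzzasm. As an added illustration, not Buzz's code and not a patch for buzzvm.c, the toy stack VM below shows what the two in-VM checks that would turn such fuzzer input into an error status look like: a bounds check before reading a 4-byte operand, and a NULL and range check on the local frame before lload indexes it. Opcode numbers, the little-endian operand encoding, the struct and function names and the sample bytecode are all invented for this example; none of it is taken from buzzvm.zip.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stack VM written for this example; it is NOT Buzz's buzzvm.c.
 * Opcode numbers and the 4-byte little-endian operand layout are invented. */
enum { OP_HALT = 0, OP_NOP = 1, OP_PUSHI = 2, OP_LLOAD = 3 };

enum vm_status {
    VM_OK = 0,             /* step completed, keep going */
    VM_DONE,               /* HALT reached */
    VM_ERR_TRUNCATED,      /* opcode or operand runs past end of bytecode */
    VM_ERR_BAD_OPCODE,
    VM_ERR_NO_FRAME,       /* LLOAD with no active local frame (frame == NULL) */
    VM_ERR_BAD_LOCAL,      /* LLOAD index outside the frame */
    VM_ERR_STACK_OVERFLOW
};

#define STACK_MAX  16
#define LOCALS_MAX 8

struct frame { int32_t locals[LOCALS_MAX]; size_t nlocals; };

struct vm {
    const uint8_t *code;
    size_t code_len, pc;
    int32_t stack[STACK_MAX];
    size_t sp;
    struct frame *frame;   /* NULL when no function is active */
};

/* Operand fetch that refuses to read 4 bytes that are not there.
 * vm_step guarantees pc <= code_len here, so the subtraction cannot wrap. */
static enum vm_status fetch_u32(struct vm *vm, uint32_t *out) {
    if (vm->code_len - vm->pc < 4) return VM_ERR_TRUNCATED;
    const uint8_t *p = vm->code + vm->pc;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    vm->pc += 4;
    return VM_OK;
}

static enum vm_status push(struct vm *vm, int32_t v) {
    if (vm->sp >= STACK_MAX) return VM_ERR_STACK_OVERFLOW;
    vm->stack[vm->sp++] = v;
    return VM_OK;
}

/* Execute one instruction. Every malformed-input path returns a status
 * instead of dereferencing memory the bytecode never set up. */
enum vm_status vm_step(struct vm *vm) {
    if (vm->pc >= vm->code_len) return VM_ERR_TRUNCATED;
    uint8_t op = vm->code[vm->pc++];
    uint32_t arg;
    enum vm_status st;
    switch (op) {
    case OP_HALT: return VM_DONE;
    case OP_NOP:  return VM_OK;
    case OP_PUSHI:
        if ((st = fetch_u32(vm, &arg)) != VM_OK) return st;
        return push(vm, (int32_t)arg);
    case OP_LLOAD:
        if ((st = fetch_u32(vm, &arg)) != VM_OK) return st;
        if (vm->frame == NULL) return VM_ERR_NO_FRAME;
        if (arg >= vm->frame->nlocals) return VM_ERR_BAD_LOCAL;
        return push(vm, vm->frame->locals[arg]);
    default:
        return VM_ERR_BAD_OPCODE;
    }
}

/* Run bytecode to HALT or to the first error; vm is left for inspection. */
enum vm_status vm_run(struct vm *vm, const uint8_t *code, size_t len, struct frame *frame) {
    memset(vm, 0, sizeof *vm);
    vm->code = code; vm->code_len = len; vm->frame = frame;
    enum vm_status st;
    while ((st = vm_step(vm)) == VM_OK) { }
    return st;
}

/* Constructed inputs (not from buzzvm.zip): a well-formed program, an LLOAD whose
 * 4-byte operand is cut off after 2 bytes, an LLOAD with no frame, and an LLOAD
 * whose index is outside the frame. */
static struct frame demo_frame = { {7, 8, 9}, 3 };
static const uint8_t demo_good[]      = { OP_PUSHI, 1,0,0,0, OP_LLOAD, 2,0,0,0, OP_HALT };
static const uint8_t demo_truncated[] = { OP_LLOAD, 1,0 };
static const uint8_t demo_noframe[]   = { OP_LLOAD, 0,0,0,0, OP_HALT };
static const uint8_t demo_badlocal[]  = { OP_LLOAD, 5,0,0,0, OP_HALT };

enum vm_status run_good(void)      { struct vm vm; return vm_run(&vm, demo_good, sizeof demo_good, &demo_frame); }
int32_t run_good_top(void)         { struct vm vm; vm_run(&vm, demo_good, sizeof demo_good, &demo_frame); return vm.sp ? vm.stack[vm.sp - 1] : 0; }
enum vm_status run_truncated(void) { struct vm vm; return vm_run(&vm, demo_truncated, sizeof demo_truncated, &demo_frame); }
enum vm_status run_noframe(void)   { struct vm vm; return vm_run(&vm, demo_noframe, sizeof demo_noframe, NULL); }
enum vm_status run_badlocal(void)  { struct vm vm; return vm_run(&vm, demo_badlocal, sizeof demo_badlocal, &demo_frame); }

int main(void) {
    printf("good:      status %d, top of stack %d\n", run_good(), run_good_top());
    printf("truncated: status %d\n", run_truncated());
    printf("no frame:  status %d\n", run_noframe());
    printf("bad local: status %d\n", run_badlocal());
    return 0;
}
```

Build with `cc -Wall -o toyvm toyvm.c && ./toyvm`; the truncated, no-frame and bad-local inputs all come back as a status code rather than a read through an invalid pointer. Whether checks like these belong in the VM or only in the assembler that emits the bytecode is the design question the thread raises; the example only shows what the in-VM version looks like.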