Version:
gnuplot 5.2 patchlevel 5
Description:
A null pointer is dereferenced when using the 'noautoscale' option on an empty plot.
Steps to reproduce (payload is attached):
gnuplot <payload>
ASAN-Report:
-------- STDERR --------
"/tmp/tmpz6ejmz84/997bb73bf82ac188", line 1: warning: q is not a string variable
AddressSanitizer:DEADLYSIGNAL
=================================================================
==17105==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002b (pc 0x563e0ae82570 bp 0x7fff6d32dc70 sp 0x7fff6d32db00 T0)
==17105==The signal is caused by a WRITE memory access.
==17105==Hint: address points to the zero page.
#0 0x563e0ae8256f in df_open /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/datafile.c:1259
#1 0x563e0aeabcb3 in fit_command /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/fit.c:1921
#2 0x563e0ae6b60d in command /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/command.c:629
#3 0x563e0ae6a4fe in do_line /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/command.c:419
#4 0x563e0af5bf22 in load_file /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/misc.c:447
#5 0x563e0af8ade7 in main /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/plot.c:654
#6 0x7fcd1c674222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
#7 0x563e0ae3f0ed in _start (/home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/gnuplot+0xf20ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/nils/git/gnuplot-crash-triage/gnuplot-5.2.5/src/datafile.c:1259 in df_open
==17105==ABORTING
-------- STDOUT --------
Credits:
Tim Blazytko
Cornelius Aschermann
Sergej Schumilo
Nils Bars
Diff:
Not enough context to reproduce the failure. Note that the error message refers to a variable not present in the reproducer provided.
However, this has probably already been fixed by commit e9be99fb.
You are right, this is already fixed in commit e9be99fb.