Ethan Merritt
-
2020-11-18
- status: open --> pending-fixed
We have found an arithmetic exception (div 0) in boundary3d() of gnuplot-5.5. This bug can be reproduced by:
gnuplot PoC
The PoC is in the attachment. We compiled gnuplot-5.5 with clang 4.0 and AddressSanitizer on Ubuntu 16.04, x86-64, and printed the debug information:
==18795==ERROR: AddressSanitizer: FPE on unknown address 0x0000005dd34d (pc 0x0000005dd34d bp 0x7ffc5b7534b0 sp 0x7ffc5b752c20 T0)
    #0 0x5dd34c in boundary3d /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/graph3d.c:423:50
    #1 0x5cfd1b in do_3dplot /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/graph3d.c:761:5
    #2 0x7358a0 in eval_3dplots /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/plot3d.c:2872:2
    #3 0x7272fb in plot3drequest /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/plot3d.c:409:5
    #4 0x562e2f in splot_command /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/command.c:2323:5
    #5 0x554777 in command /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/command.c:659:2
    #6 0x554109 in do_line /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/command.c:429:2
    #7 0x6b2be8 in load_file /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/misc.c:335:10
    #8 0x6f3526 in main /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/plot.c:636:3
    #9 0x7f0038943bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310
    #10 0x41dea9 in _start (/home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/gnuplot+0x41dea9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/ubuntu/target_subjects/gnuplot-gnuplot-main/obj-angora/pure_asan/src/../../../src/graph3d.c:423:50 in boundary3d
==18795==ABORTING