Segmentation fault in solc in function solidity::frontend::experimental::Analysis::annotationContainer, file libsolidity/experimental/analysis/Analysis.cpp about solidity HOT 6 CLOSED

Hi @djuricmilan ! Thanks for the report.
Could you clarify what PoC is about? Also could you provide the Solidity code repro that generated such seg fault?

from solidity.

Hi @matheusaaguiar,

PoC is the solidity code that causes the segfault when invoked with solc, version 0.8.24:

solc poc.sol

from solidity.

@djuricmilan , sorry, but I am confused, that is far from a valid Solidity code.

from solidity.

This is the result of fuzzing, so random (well mutated) code that should still retain valid compiler behaviour (as in proper errors instead of crashes or segfaults).
The curious thing here is that the segfault is in experimental analysis, which should only be invoked at all with pragma experimental solidity; (by the way, there's no stability guarantees for that compiler mode and it will involve a lot of invalid behaviour - that's to be expected at the current stage and we're not interested in crashes, if it involves a full valid pragma experimental solidity; at this point).

But the reproduction does not involve such a pragma, so the question is why experimental analysis runs in the first place.

However, I can't reproduce the behaviour with 0.8.24 myself.

from solidity.

Ok, I attached the actual PoC that caused the segfault to this comment. Apologies from my side, I was fooled by my terminal multiplexer that simply did not display all the bytes when printing the PoC... The PoC indeed starts with a valid pragma experimental solidity statement, so you I assume the crash is not relevant.
bug2.zip

from solidity.

Thanks for confirming. Since this happened with experimental, we can close this issue.

from solidity.