
Stack-overflow (OSS-Fuzz 1444) #577

Closed
nlohmann opened this issue May 9, 2017 · 3 comments

Comments

@nlohmann
Owner

nlohmann commented May 9, 2017

Detailed report: https://oss-fuzz.com/testcase?key=6168426957504512

Project: json
Fuzzer: libFuzzer_json_parse_afl_fuzzer
Job Type: libfuzzer_asan_json
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd2de7bd88
Crash State:
  nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha
  
Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_json&range=201705051619:201705061619

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6168426957504512


Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.

clusterfuzz-testcase-minimized-6168426957504512.zip

@nlohmann
Owner Author

nlohmann commented May 9, 2017

This is a classic stack overflow, related to #517. It reads an array with excessive nesting.

@nlohmann
Owner Author

nlohmann commented May 9, 2017

There is currently little we can do about this error. One solution could be rewriting the parser to a non-recursive one.
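Added example (not nlohmann/json's own code): a stand-alone pre-parse nesting check that walks the document with an explicit heap-allocated stack instead of recursion and rejects input nested deeper than a configurable limit, so a document like the fuzzer's deeply nested array is refused before any recursive-descent parser can exhaust the native stack. The depth limit and the `check_nesting`/`deep_array` names are assumptions made here, not part of the library.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Outcome of scanning a document's array/object structure.
enum class NestResult { Ok, Unbalanced, TooDeep };

// Iterative scan of JSON bracket structure using an explicit std::vector as
// the stack, so deep nesting costs heap memory, not native stack frames.
// String literals are skipped so brackets inside them are not counted.
// Nesting deeper than max_depth is rejected instead of being parsed.
NestResult check_nesting(const std::string& text, std::size_t max_depth) {
    std::vector<char> open;   // explicit stack of opening brackets
    bool in_string = false;
    for (std::size_t i = 0; i < text.size(); ++i) {
        const char c = text[i];
        if (in_string) {
            if (c == '\\') { ++i; }            // skip the escaped character
            else if (c == '"') { in_string = false; }
            continue;
        }
        switch (c) {
            case '"': in_string = true; break;
            case '[': case '{':
                if (open.size() >= max_depth) return NestResult::TooDeep;
                open.push_back(c);
                break;
            case ']': case '}': {
                if (open.empty()) return NestResult::Unbalanced;
                const char expected = (c == ']') ? '[' : '{';
                if (open.back() != expected) return NestResult::Unbalanced;
                open.pop_back();
                break;
            }
            default: break;   // scalars, commas, colons, whitespace
        }
    }
    if (in_string || !open.empty()) return NestResult::Unbalanced;
    return NestResult::Ok;
}

// Constructed fuzzer-style input: `depth` nested empty arrays, the shape of
// document that pushes a recursive parser past its stack limit.
std::string deep_array(std::size_t depth) {
    return std::string(depth, '[') + std::string(depth, ']');
}
```

Running the check with a limit of a few hundred levels on a one-million-deep array returns `TooDeep` in constant native stack space; the same input handed to a recursive parser is the crash this issue reports.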

@nlohmann
Owner Author

nlohmann commented Jun 4, 2017

For some strange reason, OSS-Fuzz reported this issue as fixed.

@nlohmann nlohmann closed this as completed Jun 4, 2017