Crash in searchKeys
p4zuu opened this issue · 0 comments
p4zuu commented
The following code causes a panic in the searchKeys function:
```go
package fuzz

import (
	"testing"

	"github.com/buger/jsonparser"
)

func TestFuzzCrasher(t *testing.T) {
	crasher := []byte(`{{{"":`)
	jsonparser.GetInt(crasher, "a", "b")
}
```
Here is the panic output:

```
panic: runtime error: index out of range [2] with length 2

goroutine 1 [running]:
github.com/buger/jsonparser.searchKeys(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0xffffffffffffffff)
	/Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:264 +0xef5
github.com/buger/jsonparser.internalGet(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x0, 0xc000000180, 0xc000088d70, 0x1031f50, ...)
	/Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:876 +0x3b5
github.com/buger/jsonparser.Get(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x1052a72, 0x10442bc, 0x1054ab0, 0xc000088e08, ...)
	/Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:870 +0x8b
github.com/buger/jsonparser.GetInt(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x1a22912800000000, 0x5daa1a76, 0xc000088e70)
	/Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:1140 +0x8b
_/Users/thomasleroy/Security/Fuzzing/Go-fuzz.Fuzz(0x4010000, 0x6, 0x6, 0x3)
	/Users/thomasleroy/Security/Fuzzing/Go-fuzz/jsonparser.go:8 +0x95
go-fuzz-dep.Main(0xc000088f48, 0x1, 0x1)
	go-fuzz-dep/main.go:36 +0x1ad
main.main()
	_/Users/thomasleroy/Security/Fuzzing/Go-fuzz/go.fuzz.main/main.go:15 +0x52
exit status 2
```
The function also crashes if you call `GetInt(crasher, "a")`.
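
An added illustration, not part of the issue and not jsonparser's code: a simplified Go model of a depth-tracking key search that hits the same kind of out-of-range index on the reported input, next to a bounds-checked variant. `findPath` and its `checked` flag are hypothetical names, and the idea that the panic comes from indexing the key path by nesting depth is an assumption inferred from the trace (index 2, two keys, three opening braces).

```go
package main

import "fmt"

// findPath is a simplified model of a depth-tracking key search (an assumption,
// not jsonparser's code): a key at depth `level` is compared with keys[level-1].
func findPath(data []byte, checked bool, keys ...string) (found bool, err error) {
	defer func() {
		if r := recover(); r != nil { // report the panic instead of crashing
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	level, matched := 0, 0
	for i := 0; i < len(data); i++ {
		switch data[i] {
		case '{':
			level++
		case '}':
			level--
		case '"':
			end := i + 1
			for end < len(data) && data[end] != '"' { // no escape handling
				end++
			}
			key := string(data[i+1 : end])
			i = end
			if end+1 >= len(data) || data[end+1] != ':' || level < 1 {
				continue // string value, truncated input, or key outside an object
			}
			if checked && level > len(keys) {
				continue // hardened: nested deeper than the requested path
			}
			want := keys[level-1] // unchecked: panics when level > len(keys)
			if matched >= level {
				matched = level - 1 // we left a previously matched subtree
			}
			if key == want && matched == level-1 {
				if matched++; matched == len(keys) {
					return true, nil
				}
			}
		}
	}
	return false, nil
}

func main() {
	fmt.Println(findPath([]byte(`{{{"":`), false, "a", "b")) // input from the report
	fmt.Println(findPath([]byte(`{{{"":`), true, "a", "b"))
}
```

The deferred `recover` in the model is also the stopgap a caller can wrap around any parser call on untrusted input until the library itself bounds the index.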