sass/libsass

AddressSanitizer: stack-overflow on address 0x7ffff3e46ff8 (pc 0x7f13120dddd5 bp 0x615000000be8 sp 0x7ffff3e47000 T0)

lmm-1997 opened this issue · 2 comments

I use AFL to fuzz libsass, and it finds a stack-overflow on the target.

version: 3.6.4, 3.6.5

POC: poc

CMD: ./sassc poc

ASAN has reported a stack-overflow

==7839==ERROR: AddressSanitizer: stack-overflow on address 0x7ffffd5f1ff8 (pc 0x7f3b771df786 bp 0x6110000023c8 sp 0x7ffffd5f2000 T0)
#0 0x7f3b771df785 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785)
#1 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44)
#2 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda)
#3 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a)
...
#245 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44)
#246 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda)
#247 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a)
#248 0x7f3b771df7b8 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x4047b8)

SUMMARY: AddressSanitizer: stack-overflow (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785) in Sass::CompoundSelector::has_real_parent_ref() const
==7839==ABORTING
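The frames in the trace cycle through CompoundSelector, ComplexSelector, SelectorList and PseudoSelector and back to CompoundSelector, one round per nesting level, so the check uses call stack in proportion to how deeply the input nests pseudo-selectors (the shape of `:not(:not(:not(...)))`) and a fuzzer-sized input exhausts it. The following is an added example and not libsass code: a toy tree with those four node kinds, a naive recursive `has_real_parent_ref` that has the same depth-to-stack mapping, and an explicit-worklist version plus a nesting-depth count that cost heap memory instead. Every name in it (`toy::Tree`, `build_nested_pseudo`, `check`, the depth limit idea) is an illustrative assumption, and nothing in it describes the actual change in #3184.

```cpp
// Added example, not libsass code: a toy model of the selector node kinds that
// recur in the sanitizer trace above. All names are illustrative assumptions.
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

namespace toy {

// The four kinds that cycle in the trace, plus the parent reference ('&')
// that a has_real_parent_ref() predicate looks for.
enum class Kind { Compound, Complex, List, Pseudo, ParentRef };

struct Node {
  Kind kind;
  std::vector<std::size_t> children;  // indices into Tree::nodes
};

// Arena-backed tree: children are indices, so neither traversal nor
// destruction has to recurse over a deeply nested input.
struct Tree {
  std::vector<Node> nodes;
  std::size_t add(Kind k) {
    nodes.push_back(Node{k, {}});
    return nodes.size() - 1;
  }
  void link(std::size_t parent, std::size_t child) {
    nodes[parent].children.push_back(child);
  }
};

// Builds the shape of :not(:not(...(&)...)) nested `levels` deep. Each level
// adds one Compound -> Pseudo -> List -> Complex -> Compound round, the same
// cycle of frames the trace repeats. Returns the root index.
std::size_t build_nested_pseudo(Tree& t, std::size_t levels, bool inner_parent_ref) {
  std::size_t root = t.add(Kind::Compound);
  std::size_t cur = root;
  for (std::size_t i = 0; i < levels; ++i) {
    std::size_t pseudo = t.add(Kind::Pseudo);
    std::size_t list = t.add(Kind::List);
    std::size_t complex_sel = t.add(Kind::Complex);
    std::size_t compound = t.add(Kind::Compound);
    t.link(cur, pseudo);
    t.link(pseudo, list);
    t.link(list, complex_sel);
    t.link(complex_sel, compound);
    cur = compound;
  }
  if (inner_parent_ref) {
    std::size_t ref = t.add(Kind::ParentRef);
    t.link(cur, ref);
  }
  return root;
}

// Naive recursive predicate: one call frame per node, so nesting depth maps
// directly onto stack usage. This is the shape of the crash in the report.
bool has_real_parent_ref_recursive(const Tree& t, std::size_t idx) {
  const Node& n = t.nodes[idx];
  if (n.kind == Kind::ParentRef) return true;
  for (std::size_t c : n.children)
    if (has_real_parent_ref_recursive(t, c)) return true;
  return false;
}

// Same predicate with an explicit worklist on the heap: depth now costs heap
// memory rather than call stack, so fuzzer-sized nesting cannot overflow.
bool has_real_parent_ref_iterative(const Tree& t, std::size_t root) {
  std::vector<std::size_t> work;
  work.push_back(root);
  while (!work.empty()) {
    std::size_t idx = work.back();
    work.pop_back();
    const Node& n = t.nodes[idx];
    if (n.kind == Kind::ParentRef) return true;
    for (std::size_t c : n.children) work.push_back(c);
  }
  return false;
}

// Nesting depth in edges from the root, also without recursion. A parser can
// compute this (or count it while parsing) and reject input above a fixed
// limit before any recursive pass over the tree runs.
std::size_t nesting_depth(const Tree& t, std::size_t root) {
  std::size_t deepest = 0;
  std::vector<std::pair<std::size_t, std::size_t>> work;
  work.push_back(std::make_pair(root, std::size_t{0}));
  while (!work.empty()) {
    std::pair<std::size_t, std::size_t> top = work.back();
    work.pop_back();
    if (top.second > deepest) deepest = top.second;
    for (std::size_t c : t.nodes[top.first].children)
      work.push_back(std::make_pair(c, top.second + 1));
  }
  return deepest;
}

// Builds a nested selector and evaluates one of the two predicates on it.
bool check(std::size_t levels, bool with_ref, bool recursive) {
  Tree t;
  std::size_t root = build_nested_pseudo(t, levels, with_ref);
  return recursive ? has_real_parent_ref_recursive(t, root)
                   : has_real_parent_ref_iterative(t, root);
}

}  // namespace toy

int main() {
  // Small input: both predicates agree.
  std::printf("recursive, 8 levels, with &: %d\n", toy::check(8, true, true));
  std::printf("iterative, 8 levels, with &: %d\n", toy::check(8, true, false));
  // Fuzzer-sized input: only the worklist version is safe to run here; the
  // recursive one needs roughly four frames per level and would overflow.
  std::printf("iterative, 100000 levels, no &: %d\n", toy::check(100000, false, false));
  return 0;
}
```

The recursive variant is only exercised at small depth on purpose: at the 100000-level input it would run out of stack exactly as the report shows, which is the defect being illustrated. Either conversion to an explicit worklist or a hard nesting limit enforced at parse time removes the dependency between attacker-controlled nesting and call-stack usage; which of the two (if either) libsass chose is not stated on this page.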

Addressed via #3184