libsass
libsass copied to clipboard
AddressSanitizer: stack-overflow on address 0x7ffff3e46ff8 (pc 0x7f13120dddd5 bp 0x615000000be8 sp 0x7ffff3e47000 T0)
I use AFL to fuzz libsass, and it finds a stack-overflow on the target.
version: 3.6.4, 3.6.5
POC:poc
CMD:./sassc poc
ASAN has reported a stack-overflow
==7839==ERROR: AddressSanitizer: stack-overflow on address 0x7ffffd5f1ff8 (pc 0x7f3b771df786 bp 0x6110000023c8 sp 0x7ffffd5f2000 T0) #0 0x7f3b771df785 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785) #1 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44) #2 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda) #3 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a) ... #245 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44) #246 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda) #247 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a) #248 0x7f3b771df7b8 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x4047b8)
SUMMARY: AddressSanitizer: stack-overflow (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785) in Sass::CompoundSelector::has_real_parent_ref() const ==7839==ABORTING