sassc
heap-buffer-overflow (READ of size 1) in prelexer.hpp
Tested on commit ceef4cd8, compiled with clang 8 and AddressSanitizer.
echo "MHt0Oihc" | base64 -d | ./sassc
==26540==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000017 at pc 0x0000007f2978 bp 0x7ffdf7167030 sp 0x7ffdf7167028
READ of size 1 at 0x602000000017 thread T0
#0 0x7f2977 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*) /root/libsass/src/prelexer.hpp:70:14
#1 0x7f2977 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), & (char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*) /root/libsass/src/prelexer.hpp:123
#2 0x7f2977 in char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:221
#3 0x7f2977 in char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:228
#4 0x7f2977 in Sass::Prelexer::parenthese_scope(char const*) /root/libsass/src/prelexer.cpp:1630
#5 0x7dfaea in char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*) /root/libsass/src/lexer.hpp:227:20
#6 0x7dfaea in char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:205
#7 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
#8 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
#9 0x7dfaea in char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
#10 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
#11 0x7dfaea in char const* Sass::Prelexer::non_greedy<&(char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*)), &(char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::exactly<(char)123>(char const*)), &(char const* Sass::Prelexer::exactly<(char)125>(char const*)), &(char const* Sass::Prelexer::exactly<(char)59>(char const*))>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:265
#12 0x72fcf7 in char const* Sass::Parser::peek<&(char const* Sass::Prelexer::non_greedy<&(char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*)), &(char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::exactly<(char)123>(char const*)), &(char const* Sass::Prelexer::exactly<(char)125>(char const*)), &(char const* Sass::Prelexer::exactly<(char)59>(char const*))>(char const*))>(char const*))>(char const*))>(char const*) /root/libsass/src/parser.hpp:137:27
#13 0x72fcf7 in Sass::Parser::lookahead_for_value(char const*) /root/libsass/src/parser.cpp:2879
#14 0x71dafb in Sass::Parser::parse_declaration() /root/libsass/src/parser.cpp:1079:29
#15 0x6dd519 in Sass::Parser::parse_block_node(bool) /root/libsass/src/parser.cpp:308:30
#16 0x6d1e0b in Sass::Parser::parse_block_nodes(bool) /root/libsass/src/parser.cpp:196:11
#17 0x6d5714 in Sass::Parser::parse_css_block(bool) /root/libsass/src/parser.cpp:153:10
#18 0x702c32 in Sass::Parser::parse_block(bool) /root/libsass/src/parser.cpp:177:12
#19 0x702c32 in Sass::Parser::parse_ruleset(Lookahead) /root/libsass/src/parser.cpp:537
#20 0x6db474 in Sass::Parser::parse_block_node(bool) /root/libsass/src/parser.cpp:278:21
#21 0x6d1e0b in Sass::Parser::parse_block_nodes(bool) /root/libsass/src/parser.cpp:196:11
#22 0x6cdf49 in Sass::Parser::parse() /root/libsass/src/parser.cpp:122:5
#23 0x5795b1 in Sass::Context::register_resource(Sass::Include const&, Sass::Resource const&) /root/libsass/src/context.cpp:332:24
#24 0x58fc4c in Sass::Data_Context::parse() /root/libsass/src/context.cpp:644:5
#25 0x53eacc in Sass::sass_parse_block(Sass_Compiler*) /root/libsass/src/sass_context.cpp:234:31
#26 0x53eacc in sass_compiler_parse /root/libsass/src/sass_context.cpp:483
#27 0x53dd88 in sass_compile_context(Sass_Context*, Sass::Context*) /root/libsass/src/sass_context.cpp:371:7
#28 0x53dbbe in sass_compile_data_context /root/libsass/src/sass_context.cpp:456:12
#29 0x532c67 in compile_stdin /root/sassc/sassc.c:138:5
#30 0x5339a2 in main /root/sassc/sassc.c:377:18
#31 0x7fe03f7912e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#32 0x45b209 in _start (/root/sassc/bin/sassc+0x45b209)
0x602000000017 is located 0 bytes to the right of 7-byte region [0x602000000010,0x602000000017)
allocated by thread T0 here:
#0 0x503dd2 in realloc /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:165:3
#1 0x532b9b in compile_stdin /root/sassc/sassc.c:112:25
#2 0x5339a2 in main /root/sassc/sassc.c:377:18
#3 0x7fe03f7912e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/libsass/src/prelexer.hpp:70:14 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*)
Reproduced.