We got our first bug report from OSS-Fuzz.
To nobody's surprise, it's a bug in xmpsdk. I have to admit that I was already aware of this issue, but had attempted to sweep it under the carpet by limiting the size of the images in the corpus to at most 20KB. The bug is triggered by a deeply nested XML tree, which causes a stack overflow in xmpsdk's recursive code. It's worth noting that the maximum stack size is much more limited in the fuzzer than in the normal exiv2 application, so the attached poc does not crash exiv2. However, a sufficiently large poc could crash exiv2.
poc: clusterfuzz-testcase-minimized-fuzz-read-print-write-5342978104229888.tar.gz
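The failure mode described in the report, as an added illustration rather than code from xmpsdk or exiv2: a toy recursive element parser in which every nesting level of the input costs one stack frame, next to the depth cap that stops attacker-controlled nesting from deciding how much stack is consumed. The names `nested_xml`, `parse_element`, `parse_with_limit` and the cap of 256 are assumptions of this example, not identifiers from the project.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Build an XML-like fragment nested `depth` levels deep: <a><a>...</a></a>
// (constructed input, standing in for a deeply nested XMP packet).
std::string nested_xml(std::size_t depth) {
    std::string s;
    s.reserve(depth * 7);
    for (std::size_t i = 0; i < depth; ++i) s += "<a>";
    for (std::size_t i = 0; i < depth; ++i) s += "</a>";
    return s;
}

// Parse one element that starts at `pos` and return the offset just past its end tag.
// Each nesting level is one more recursive call, i.e. one more stack frame, which is
// how a deeply nested document exhausts the stack. `limit` caps the recursion so the
// depth of the input no longer determines stack usage. (Hypothetical helper.)
static std::size_t parse_element(const std::string& xml, std::size_t pos, std::size_t depth,
                                 std::size_t limit, std::size_t& deepest) {
    if (depth > limit) throw std::runtime_error("nesting depth exceeds limit");
    if (depth > deepest) deepest = depth;
    if (pos >= xml.size() || xml[pos] != '<') throw std::runtime_error("expected start tag");
    const std::size_t nameEnd = xml.find('>', pos);
    if (nameEnd == std::string::npos) throw std::runtime_error("unterminated start tag");
    const std::string name = xml.substr(pos + 1, nameEnd - pos - 1);
    if (name.empty() || name[0] == '/') throw std::runtime_error("bad start tag");
    pos = nameEnd + 1;
    for (;;) {
        if (pos >= xml.size()) throw std::runtime_error("missing end tag for <" + name + ">");
        if (xml.compare(pos, 2, "</") == 0) {
            const std::size_t closeEnd = xml.find('>', pos);
            if (closeEnd == std::string::npos) throw std::runtime_error("unterminated end tag");
            if (xml.compare(pos + 2, closeEnd - pos - 2, name) != 0)
                throw std::runtime_error("mismatched end tag");
            return closeEnd + 1;
        }
        if (xml[pos] == '<') {
            pos = parse_element(xml, pos, depth + 1, limit, deepest);   // child element
        } else {
            ++pos;                                                        // text content, ignored
        }
    }
}

// Parse a whole document under a depth cap. Returns the deepest nesting level on success,
// or -1 if the input is malformed or nests deeper than `limit`. (Hypothetical helper.)
long parse_with_limit(const std::string& xml, std::size_t limit) {
    std::size_t deepest = 0;
    try {
        const std::size_t end = parse_element(xml, 0, 1, limit, deepest);
        if (end != xml.size()) return -1;   // trailing data after the root element
        return static_cast<long>(deepest);
    } catch (const std::exception&) {
        return -1;
    }
}

int main() {
    // The 100000-deep document is rejected after 257 frames instead of recursing 100000 times.
    std::cout << "depth 10, limit 256: " << parse_with_limit(nested_xml(10), 256) << "\n";
    std::cout << "depth 100000, limit 256: " << parse_with_limit(nested_xml(100000), 256) << "\n";
    return 0;
}
```

Without the `depth > limit` check the same routine recurses once per level, and the input size needed to crash it depends only on the stack available to the process; running the uncapped variant under a reduced stack (for example `ulimit -s 256` before launching) reproduces the situation the report describes, where a fuzzer's smaller stack falls over on an input the full application survives. The cap has to be chosen against the frame size of the real parser and the smallest stack in any environment that will run it, not just the default for a desktop binary.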