AddressSanitizer: heap-buffer-overflow at lexer.hpp #3056

Closed
rainoftime opened this issue Feb 10, 2020 · 1 comment · Fixed by #3057
Comments

rainoftime commented Feb 10, 2020

Git commit id

6e7ab5576391

POC
case1.txt

Describe the bug

Steps to reproduce the behavior:

  1. run ./tester $f where libsass is compiled with AddressSanitizer.
  2. the program crashes with a backtrace like:

For case1.txt

==31962==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f0000000e5 at pc 0x000001383bbc bp 0x7fffeb71e9d0 sp 0x7fffeb71e9c8
READ of size 1 at 0x60f0000000e5 thread T0
    #0 0x1383bbb in char const* Sass::Prelexer::exactly<(char)92>(char const*) /workdir/MemLock/evaluation/BUILD/libsass/SRC_MemLock/src/./lexer.hpp:82:14
    #1 0x140ad8e in char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::exactly<(char)92>(char const*)), &Sass::Prelexer::re_linebreak>(char const*) /workdir/MemLock/evaluation/BUILD/libsass/SRC_MemLock/src/./lexer.hpp:216:20
    #2 0x140a94c in char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::exactly<(char)92>(char const*)), &Sass::Prelexer::re_linebreak>(char const*)), &Sass::Prelexer::escape_seq, &Sass::Prelexer::unicode_seq, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::any_char_but<(char)39>(char const*))>(char const*) /workdir/MemLock/evaluation/BUILD/libsass/SRC_MemLock/src/./lexer.hpp:200:19
......

Desktop (please complete the following information):

  • OS: Ubuntu 16.04.2 LTS
  • Compiler & Version: Clang-6.0.1
  • Compilation mode and/or compiler flags: "-O0, -fsanitize=address,undefined"
@rainoftime rainoftime changed the title AddressSanitizer: heap-buffer-overflow at lexer.hpp:82:14 AddressSanitizer: heap-buffer-overflow at lexer.hpp:82:14 and memory.cpp:17:21 Feb 11, 2020
@rainoftime rainoftime changed the title AddressSanitizer: heap-buffer-overflow at lexer.hpp:82:14 and memory.cpp:17:21 AddressSanitizer: heap-buffer-overflow at lexer.hpp and memory.cpp Feb 11, 2020
@rainoftime rainoftime changed the title AddressSanitizer: heap-buffer-overflow at lexer.hpp and memory.cpp AddressSanitizer: heap-buffer-overflow at lexer.hpp Feb 11, 2020
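The frames in the backtrace above say where the read happens: `(char)92` is `\` and `(char)39` is `'`, so frame #2 is the alternatives matcher for the body of a single-quoted string (backslash followed by a line break, escape_seq, unicode_seq, interpolant, or any character other than `'`), and frame #0 is the backslash test performing a 1-byte read one past the end of the heap buffer that holds the input. What follows is an added example, not libsass's code and not the fix in #3057: a tiny prelexer written in the same combinator style (`exactly<c>`, `sequence<a, b>`, `alternatives<a, b>`, `any_char_but<c>`) that shows how such a combinator walks past the end of its input when every matcher dereferences `*src` without a bounds check, beside a variant that threads an explicit `end` pointer through every matcher. Whether libsass's own matchers look like the `naive` ones here is not something this page shows; the point is the shape of bug an ASan `READ of size 1` inside a single-character matcher indicates. The inputs `kUnterminated` and `kWellFormed` are constructed for the example (they are not case1.txt): the unterminated one is followed in the same array by a stray quote, so the naive matcher's walk past the NUL stays inside the allocation and shows up as a returned offset rather than as a crash.

```cpp
// Added example, not libsass code: a model prelexer in the combinator style
// seen in the backtrace. A matcher takes a cursor and returns the cursor
// after the match, or nullptr when it does not match.
#include <cstdio>
#include <cstring>

namespace naive {
  // These matchers know nothing about where the buffer ends; they trust a NUL
  // terminator that only some of them actually test for.
  typedef const char* (*matcher)(const char*);

  template <char c>
  const char* exactly(const char* src) {
    return *src == c ? src + 1 : nullptr;      // unconditional 1-byte read of *src
  }
  template <char c>
  const char* any_char_but(const char* src) {
    return *src != c ? src + 1 : nullptr;      // '\0' != c, so this eats the NUL too
  }
  template <matcher a, matcher b>
  const char* sequence(const char* src) {
    const char* p = a(src);
    return p ? b(p) : nullptr;
  }
  template <matcher a, matcher b>
  const char* alternatives(const char* src) {
    const char* p = a(src);
    return p ? p : b(src);
  }
  template <matcher m>
  const char* zero_plus(const char* src) {     // m* ; every m either advances or fails
    while (const char* p = m(src)) src = p;
    return src;
  }
  // Body of a single-quoted string: backslash escape | any char except the quote.
  const char* escape(const char* src)          { return sequence<&exactly<'\\'>, &any_char_but<'\0'> >(src); }
  const char* body_char(const char* src)       { return alternatives<&escape, &any_char_but<'\''> >(src); }
  const char* body(const char* src)            { return zero_plus<&body_char>(src); }
  const char* body_then_quote(const char* src) { return sequence<&body, &exactly<'\''> >(src); }
  const char* single_quoted(const char* src)   { return sequence<&exactly<'\''>, &body_then_quote>(src); }
}

namespace bounded {
  // Every matcher also receives `end` (one past the last valid byte) and checks
  // it before touching *src, so unterminated input fails instead of reading on.
  typedef const char* (*matcher)(const char*, const char*);

  template <char c>
  const char* exactly(const char* src, const char* end) {
    return (src < end && *src == c) ? src + 1 : nullptr;
  }
  template <char c>
  const char* any_char_but(const char* src, const char* end) {
    return (src < end && *src != c) ? src + 1 : nullptr;
  }
  template <matcher a, matcher b>
  const char* sequence(const char* src, const char* end) {
    const char* p = a(src, end);
    return p ? b(p, end) : nullptr;
  }
  template <matcher a, matcher b>
  const char* alternatives(const char* src, const char* end) {
    const char* p = a(src, end);
    return p ? p : b(src, end);
  }
  template <matcher m>
  const char* zero_plus(const char* src, const char* end) {
    while (const char* p = m(src, end)) src = p;
    return src;
  }
  const char* escape(const char* s, const char* e)          { return sequence<&exactly<'\\'>, &any_char_but<'\0'> >(s, e); }
  const char* body_char(const char* s, const char* e)       { return alternatives<&escape, &any_char_but<'\''> >(s, e); }
  const char* body(const char* s, const char* e)            { return zero_plus<&body_char>(s, e); }
  const char* body_then_quote(const char* s, const char* e) { return sequence<&body, &exactly<'\''> >(s, e); }
  const char* single_quoted(const char* s, const char* e)   { return sequence<&exactly<'\''>, &body_then_quote>(s, e); }
}

// Constructed inputs for this example (not the issue's case1.txt).
// kUnterminated: logical string is "'abc" (strlen 4), quote never closed; the
// stray quote after the NUL keeps the naive walk inside the array.
static const char kUnterminated[] = "'abc\0'";
static const char kWellFormed[]   = "'a\\'b'";   // 'a\'b' with an escaped quote inside

// Offset at which each lexer claims the literal ends, or -1 for no match.
long naive_unterminated() {
  const char* r = naive::single_quoted(kUnterminated);
  return r ? r - kUnterminated : -1;            // 6: "closed" on the quote past the NUL
}
long bounded_unterminated() {
  const char* e = kUnterminated + std::strlen(kUnterminated);
  const char* r = bounded::single_quoted(kUnterminated, e);
  return r ? r - kUnterminated : -1;            // -1: unterminated, nothing read past end
}
long naive_wellformed() {
  const char* r = naive::single_quoted(kWellFormed);
  return r ? r - kWellFormed : -1;              // 6
}
long bounded_wellformed() {
  const char* e = kWellFormed + std::strlen(kWellFormed);
  const char* r = bounded::single_quoted(kWellFormed, e);
  return r ? r - kWellFormed : -1;              // 6: both agree on well-formed input
}

int main() {
  std::printf("naive   unterminated: %ld (walked past the NUL at offset 4)\n", naive_unterminated());
  std::printf("bounded unterminated: %ld (no match, no read past end)\n", bounded_unterminated());
  std::printf("naive   well-formed:  %ld\n", naive_wellformed());
  std::printf("bounded well-formed:  %ld\n", bounded_wellformed());
  return 0;
}
```

Build this with `-fsanitize=address` and hand the `naive` lexer a heap buffer that really ends at the NUL (for instance `strdup("'abc")`) and it produces the same class of report as the issue, a `heap-buffer-overflow` with `READ of size 1` inside `exactly<(char)92>` or `any_char_but<(char)39>`; the `bounded` lexer returns nullptr instead, which is what a caller needs to turn an unterminated literal into a parse error rather than a memory read.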

xzyfer commented Feb 11, 2020

Minimal reproduction
test.scss.zip
