[ https://issues.apache.org/jira/browse/PROTON-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715105#comment-16715105 ]

Jiri Daněk commented on PROTON-1979:
------------------------------------

https://oss-fuzz.com/testcase-detail/6308214774169600

This was supposed to be fixed by 5ba471d97f9e04c8e68f2270681038b3c1eac0ed for 
PROTON-1979, but I still see this at that commit (which is latest proton-c 
master now).

{noformat}
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1==ERROR: AddressSanitizer: stack-overflow on address 0x7fff470c4fe8 (pc 0x00000051afd8 bp 0x7fff470c5860 sp 0x7fff470c4ff0 T0)
SCARINESS: 10 (stack-overflow)
    #0 0x51afd7 in __asan_memset _asan_rtl_
    #1 0x583fe5 in pni_data_add /src/qpid-proton/c/src/core/codec.c:1517:21
    #2 0x571d7a in pn_data_put_described /src/qpid-proton/c/src/core/codec.c:1572:22
    #3 0x586bf7 in pni_decoder_decode_type /src/qpid-proton/c/src/core/decoder.c:470:11
    #4 0x5890ae in pni_decoder_single /src/qpid-proton/c/src/core/decoder.c:517:13
    #5 0x5890ae in pni_decoder_decode_value /src/qpid-proton/c/src/core/decoder.c:438
    #6 0x586b8a in pni_decoder_single_described /src/qpid-proton/c/src/core/decoder.c:505:13
    #7 0x586b8a in pni_decoder_decode_type /src/qpid-proton/c/src/core/decoder.c:477
    #8 0x5890ae in pni_decoder_single /src/qpid-proton/c/src/core/decoder.c:517:13
    #9 0x5890ae in pni_decoder_decode_value /src/qpid-proton/c/src/core/decoder.c:438
    #10 0x586b8a in pni_decoder_single_described /src/qpid-proton/c/src/core/decoder.c:505:13
    #11 0x586b8a in pni_decoder_decode_type /src/qpid-proton/c/src/core/decoder.c:477
    #12 0x5890ae in pni_decoder_single /src/qpid-proton/c/src/core/decoder.c:517:13
    #13 0x5890ae in pni_decoder_decode_value /src/qpid-proton/c/src/core/decoder.c:438
    #14 0x586b8a in pni_decoder_single_described /src/qpid-proton/c/src/core/decoder.c:505:13
    #15 0x586b8a in pni_decoder_decode_type /src/qpid-proton/c/src/core/decoder.c:477
    #16 0x5890ae in pni_decoder_single /src/qpid-proton/c/src/core/decoder.c:517:13
    #17 0x5890ae in pni_decoder_decode_value /src/qpid-proton/c/src/core/decoder.c:438
    #18 0x586b8a in pni_decoder_single_described /src/qpid-proton/c/src/core/decoder.c:505:13
    #19 0x586b8a in pni_decoder_decode_type /src/qpid-proton/c/src/core/decoder.c:477
    #20 0x5890ae in pni_decoder_single /src/qpid-proton/c/src/core/decoder.c:517:13
[...]
{noformat}

> Decoding a bad message can overflow the stack
> ---------------------------------------------
>
>                 Key: PROTON-1979
>                 URL: https://issues.apache.org/jira/browse/PROTON-1979
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Andrew Stitcher
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: fuzzer
>             Fix For: proton-c-0.27.0
>
>
> Found by oss-fuzz: [https://oss-fuzz.com/testcase?key=5920119225057280]
> A message with a described type whose descriptor is an array containing 
> described types of an array containing described types of... can cause enough 
> stack use to overflow the process stack.
> The message is quite long (and essentially meaningless) but none the less 
> syntactically valid.
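An added illustration of the failure mode described above and the usual remedy; it is not proton-c code and not the fix referenced in the comment. It is a small recursive decoder in C for a constructed toy encoding (assumed here, not AMQP) whose described types and arrays nest the way the issue description says, with a hard nesting limit (MAX_NESTING, an assumed value) so that an arbitrarily nested but well-formed input returns an error instead of recursing until the stack is exhausted. All names, the enum, and the build_nested test input are constructed for this example.

```c
/* Added example, not proton-c code: a recursive decoder for a constructed toy
 * encoding that nests like AMQP described types and arrays, with a hard
 * nesting limit so deeply nested input fails cleanly instead of overflowing
 * the stack. Format (an assumption for this example, not AMQP):
 *   'I' b0 b1 b2 b3         32-bit integer
 *   'A' count v1 .. vcount  array of `count` values (one count byte)
 *   'D' descriptor value    described type: a descriptor value, then a value
 * Each 'A' or 'D' costs one recursion level. */
#include <stddef.h>
#include <stdint.h>

#define MAX_NESTING 32
enum decode_status { DECODE_OK = 0, DECODE_MALFORMED = -1, DECODE_TOO_DEEP = -2 };

struct decoder {
    const uint8_t *buf;
    size_t len, pos;
    unsigned deepest;   /* deepest recursion level actually entered */
};

static int decode_value(struct decoder *d, unsigned depth)
{
    if (depth > MAX_NESTING)
        return DECODE_TOO_DEEP;   /* the mitigation: refuse, do not recurse */
    if (depth > d->deepest)
        d->deepest = depth;
    if (d->pos >= d->len)
        return DECODE_MALFORMED;

    switch (d->buf[d->pos++]) {
    case 'I':
        if (d->len - d->pos < 4)
            return DECODE_MALFORMED;
        d->pos += 4;
        return DECODE_OK;
    case 'A': {
        if (d->pos >= d->len)
            return DECODE_MALFORMED;
        uint8_t count = d->buf[d->pos++];
        for (unsigned i = 0; i < count; i++) {
            int rc = decode_value(d, depth + 1);
            if (rc != DECODE_OK)
                return rc;
        }
        return DECODE_OK;
    }
    case 'D': {
        int rc = decode_value(d, depth + 1);   /* descriptor */
        return rc != DECODE_OK ? rc : decode_value(d, depth + 1);  /* value */
    }
    default:
        return DECODE_MALFORMED;
    }
}

/* Decode one top-level value; returns a decode_status and, via *deepest_out
 * (may be NULL), the deepest nesting level that was entered. */
int decode_message(const uint8_t *buf, size_t len, unsigned *deepest_out)
{
    struct decoder d = { buf, len, 0, 0 };
    int rc = decode_value(&d, 0);
    if (rc == DECODE_OK && d.pos != len)
        rc = DECODE_MALFORMED;    /* trailing bytes are not a valid value */
    if (deepest_out)
        *deepest_out = d.deepest;
    return rc;
}

/* Constructed test input: `levels` repetitions of D -> A(1) -> ..., with a
 * 32-bit integer as the innermost element and as every described value.
 * Every tag is well formed; only the depth is objectionable.
 * Returns bytes written, or 0 if `cap` is too small (needs 8*levels + 5). */
size_t build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    if (cap < 8u * levels + 5u)
        return 0;
    size_t p = 0;
    for (unsigned i = 0; i < levels; i++) {
        out[p++] = 'D'; out[p++] = 'A'; out[p++] = 1;
    }
    for (unsigned i = 0; i <= levels; i++) {
        out[p++] = 'I'; out[p++] = 0; out[p++] = 0; out[p++] = 0; out[p++] = 0;
    }
    return p;
}

/* Build and decode a `levels`-deep message; returns its decode_status. */
int decode_nested(unsigned levels, unsigned *deepest_out)
{
    uint8_t buf[1024];
    size_t n = build_nested(buf, sizeof buf, levels);
    return n ? decode_message(buf, n, deepest_out) : DECODE_MALFORMED;
}

/* How deep the decoder actually recursed for a `levels`-deep message. */
unsigned deepest_for(unsigned levels)
{
    unsigned deepest = 0;
    decode_nested(levels, &deepest);
    return deepest;
}
```

Checking the limit at the very top of decode_value, before any work for the current level, keeps the stack cost of a rejected level to a single frame; deepest_for shows the decoder never enters level 33 even for a 100-level input, while a 4-level input decodes normally. The same check belongs in every entry point that recurses (arrays, lists, maps, described types), since each of them is a frame the input can ask for again.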



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
