[ https://issues.apache.org/jira/browse/PROTON-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715145#comment-16715145 ]

Andrew Stitcher commented on PROTON-1979:
-----------------------------------------

The testcase crashes because the encoded value has enough nested descriptor 
types to overflow the stack in the testing environment.

I have found that running in different environments changes the effective stack 
limit (probably due to different memory use per stack frame) so the specific 
cases can succeed because they are not quite long enough to overflow the stack 
in the specific testing environment, but are in the minimising environment.

 

> Decoding a bad message can overflow the stack
> ---------------------------------------------
>
>                 Key: PROTON-1979
>                 URL: https://issues.apache.org/jira/browse/PROTON-1979
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Andrew Stitcher
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: fuzzer
>             Fix For: proton-c-0.27.0
>
>
> Found by oss-fuzz: [https://oss-fuzz.com/testcase?key=5920119225057280]
> A message with a described type whose descriptor is an array containing 
> described types of an array containing described types of... can cause enough 
> stack use to overflow the process stack.
> The message is quite long (and essentially meaningless) but none the less 
> syntactically valid.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
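
The failure mode described in the issue, shown as a depth-bounded recursive walker over a small subset of the AMQP 1.0 encoding (described type 0x00, null 0x40, array8 0xe0). This is an added example, not Proton's code or its fix; `MAX_DEPTH`, the error codes and all function names are assumptions, and the input is constructed.

```c
#include <stdint.h>
#include <string.h>
#define MAX_DEPTH 32 /* assumed limit for this example, not a Proton value */
enum { OK = 0, ERR_TRUNCATED = -1, ERR_TOO_DEEP = -2, ERR_UNSUPPORTED = -3 };
typedef struct { const uint8_t *p; size_t len, pos; } cursor;
static int walk_value(cursor *c, int depth);

/* Constructor: a format code, optionally preceded by 0x00 + descriptor value. */
static int walk_constructor(cursor *c, int depth, uint8_t *code) {
    if (depth > MAX_DEPTH) return ERR_TOO_DEEP; /* bound recursion before reading */
    if (c->pos >= c->len) return ERR_TRUNCATED;
    *code = c->p[c->pos++];
    if (*code != 0x00) return OK;
    int rc = walk_value(c, depth + 1); /* the descriptor is itself a full value */
    return rc != OK ? rc : walk_constructor(c, depth + 1, code);
}

/* Data for a format code; only null (0x40) and array8 (0xe0) are handled here. */
static int walk_data(cursor *c, int depth, uint8_t code) {
    if (code != 0xe0) return code == 0x40 ? OK : ERR_UNSUPPORTED;
    if (c->len - c->pos < 2) return ERR_TRUNCATED;
    uint8_t count = c->p[c->pos + 1], elem; /* size byte is not validated here */
    c->pos += 2;
    int rc = walk_constructor(c, depth + 1, &elem); /* one constructor per array */
    for (uint8_t i = 0; rc == OK && i < count; i++)
        rc = walk_data(c, depth + 1, elem);
    return rc;
}

static int walk_value(cursor *c, int depth) {
    uint8_t code;
    int rc = walk_constructor(c, depth, &code);
    return rc != OK ? rc : walk_data(c, depth, code);
}

/* Constructed input: n nested levels of described type -> array8 descriptor. */
int check_nested(int n, size_t cut) {
    uint8_t buf[512] = { 0x00 }; /* buf[0] opens the outer described type */
    size_t len = 1;
    if (n < 0 || n > 51) return ERR_UNSUPPORTED; /* array8 size is a single byte */
    for (int k = n; k >= 1; k--) {
        buf[len++] = 0xe0; buf[len++] = (uint8_t)(5 * k - 1); /* array8, size */
        buf[len++] = 0x01; buf[len++] = 0x00; /* count 1, described element */
    }
    memset(buf + len, 0x40, (size_t)n + 2); /* innermost null, closing codes */
    len += (size_t)n + 2;
    cursor c = { buf, cut < len ? len - cut : 0, 0 }; /* cut drops tail bytes */
    return walk_value(&c, 0);
}
int main(void) { return check_nested(16, 0) == ERR_TOO_DEEP ? 0 : 1; }
```

Each nesting level costs two recursion levels here, so 15 levels pass and 16 are rejected with `ERR_TOO_DEEP`, independent of how much stack a frame uses in a given environment.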
