
Stack Overflow in SingleDocParser::HandleFlowMap() #654

Closed
E4ck opened this issue Dec 28, 2018 · 3 comments · Fixed by #807

Comments


E4ck commented Dec 28, 2018

Stack Overflow in SingleDocParser::HandleFlowMap()

position:code

poc

To reproduce: ./parse < crash9.txt

gdb:
Program received signal SIGSEGV, Segmentation fault.
0x08081d5d in YAML::SingleDocParser::HandleFlowMap(YAML::EventHandler&) ()

ASAN:
ASAN:DEADLYSIGNAL
=================================================================
==6596==ERROR: AddressSanitizer: stack-overflow on address 0xbf09dee0 (pc 0x0814e423 bp 0xbf09e308 sp 0xbf09ded0 T0)
#0 0x814e422 (/home/user/yaml-cpp/build/util/parse+0x814e422)
#1 0x816fd48 (/home/user/yaml-cpp/build/util/parse+0x816fd48)
#2 0x8190a72 (/home/user/yaml-cpp/build/util/parse+0x8190a72)
#3 0x81d5061 (/home/user/yaml-cpp/build/util/parse+0x81d5061)
#4 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#5 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#6 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#7 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#8 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#9 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#10 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
......
#247 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#248 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
#249 0x81d511a (/home/user/yaml-cpp/build/util/parse+0x81d511a)
#250 0x81deb85 (/home/user/yaml-cpp/build/util/parse+0x81deb85)
SUMMARY: AddressSanitizer: stack-overflow (/home/user/yaml-cpp/build/util/parse+0x814e422)
==6596==ABORTING
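The ASAN trace above alternates between the same two frames for 250 levels, which is the signature of a recursive-descent parser whose recursion depth is driven directly by the nesting of the input. The mitigation for that class of bug is to bound the depth. The following is an added illustration, not yaml-cpp's code or the fix landed in #807: a minimal parser for YAML-style flow collections (`{a: [1, 2]}`) that raises an exception once nesting exceeds a limit instead of letting the call stack grow with the input. The names `flowdemo`, `FlowParser`, `CheckFlowInput`, `NestedMaps` and the limit `kMaxFlowDepth = 64` are assumptions made for this example.

```cpp
// Added example (not yaml-cpp code): recursive-descent parser for flow
// collections with a nesting-depth guard. Each '{' or '[' recurses one level;
// the guard throws before the stack can be exhausted by deep input.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

namespace flowdemo {

// Hypothetical limit chosen for this example; yaml-cpp's own value, if any,
// is not stated on this page.
constexpr std::size_t kMaxFlowDepth = 64;

struct DepthExceeded : std::runtime_error {
  using std::runtime_error::runtime_error;
};

class FlowParser {
 public:
  explicit FlowParser(const std::string& text, std::size_t max_depth = kMaxFlowDepth)
      : text_(text), max_depth_(max_depth) {}

  // Parses one flow node and returns the deepest collection nesting seen.
  std::size_t Parse() {
    pos_ = 0;
    deepest_ = 0;
    ParseNode(0);
    SkipSpaces();
    if (pos_ != text_.size()) throw std::runtime_error("trailing input");
    return deepest_;
  }

 private:
  void ParseNode(std::size_t depth) {
    SkipSpaces();
    if (pos_ >= text_.size()) throw std::runtime_error("unexpected end of input");
    const char c = text_[pos_];
    if (c == '{' || c == '[') {
      const std::size_t inner = depth + 1;
      // The guard: refuse to recurse past the limit. Without it, recursion
      // depth equals input nesting, which is what the ASAN trace shows.
      if (inner > max_depth_) throw DepthExceeded("flow nesting too deep");
      if (inner > deepest_) deepest_ = inner;
      ++pos_;
      ParseCollection(c == '{' ? '}' : ']', inner);
      return;
    }
    ParseScalar();
  }

  void ParseCollection(char close, std::size_t depth) {
    for (;;) {
      SkipSpaces();
      if (pos_ < text_.size() && text_[pos_] == close) { ++pos_; return; }
      ParseNode(depth);  // key (map) or element (sequence)
      SkipSpaces();
      if (close == '}' && pos_ < text_.size() && text_[pos_] == ':') {
        ++pos_;
        ParseNode(depth);  // map value, may itself be a collection
        SkipSpaces();
      }
      if (pos_ < text_.size() && text_[pos_] == ',') { ++pos_; continue; }
      if (pos_ < text_.size() && text_[pos_] == close) { ++pos_; return; }
      throw std::runtime_error("expected ',' or closing bracket");
    }
  }

  void ParseScalar() {
    static const std::string kStop = ",:{}[] ";
    const std::size_t start = pos_;
    while (pos_ < text_.size() && kStop.find(text_[pos_]) == std::string::npos) ++pos_;
    if (pos_ == start) throw std::runtime_error("expected scalar");
  }

  void SkipSpaces() { while (pos_ < text_.size() && text_[pos_] == ' ') ++pos_; }

  std::string text_;
  std::size_t max_depth_;
  std::size_t pos_ = 0;
  std::size_t deepest_ = 0;
};

// 0: parsed within the limit; 1: depth guard fired; 2: other parse error.
int CheckFlowInput(const std::string& text, std::size_t max_depth = kMaxFlowDepth) {
  try {
    FlowParser(text, max_depth).Parse();
    return 0;
  } catch (const DepthExceeded&) {
    return 1;
  } catch (const std::exception&) {
    return 2;
  }
}

// Constructed input for testing: an empty map nested n levels deep.
std::string NestedMaps(std::size_t n) {
  return std::string(n, '{') + std::string(n, '}');
}

}  // namespace flowdemo

int main() {
  std::cout << "well-formed: " << flowdemo::CheckFlowInput("{a: [1, 2], b: {c: d}}") << "\n";
  std::cout << "100000 deep: " << flowdemo::CheckFlowInput(flowdemo::NestedMaps(100000)) << "\n";
  return 0;
}
```

The point of the guard is that the rejection happens after at most `kMaxFlowDepth` frames regardless of input size, so the failure mode becomes a catchable exception rather than a SIGSEGV; a fuzzing harness like the `parse` utility in the trace would then report a clean parse error instead of a stack-overflow.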


carnil commented Dec 28, 2018

CVE-2018-20574

NicoleG25 commented

@jbeder Was this ever addressed?
Thanks in advance !

jbeder (Owner) commented Apr 7, 2020

I don't think so.
