You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While fuzzing fastjson in version 1.2.75, I found 4 cases of undeclared exceptions (i.e., exceptions other than JSONException).
The crashes can be reproduced with the following standalone Java applications, which require fastjson-1.2.75.jar from https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.75/fastjson-1.2.75.jar in the classpath.
As the issues reported in this thread were found via fuzzing, I have drafted a PR that would set up fastjson for continuous fuzzing in OSS-Fuzz: google/oss-fuzz#5373
Let me know if you have any questions or concerns.
@wenshao Sorry, I didn't intend for google/oss-fuzz#5373 to be merged right away. If you want me to make any changes or revert the OSS-Fuzz integration entirely, please let me know.
While fuzzing
fastjson
in version 1.2.75, I found 4 cases of undeclared exceptions (i.e., exceptions other than JSONException).The crashes can be reproduced with the following standalone Java applications, which require fastjson-1.2.75.jar from https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.75/fastjson-1.2.75.jar in the classpath.
Issue 1:
NumberFormatException
Issue 2:
ClassCastException
Issue 3:
ArrayIndexOutOfBoundsException
Issue 4:
ArrayIndexOutOfBoundsException
The text was updated successfully, but these errors were encountered: