fuzz-format: Timeout in fuzz-format #6058
Comments
FYI @bbaa-bbaa we might have an infinite loop in the formatter
caddy/caddyconfig/caddyfile/formatter.go Line 102 in f5344f8
It seems that golang is not vulnerable to ReDoS. I will do a deeper investigation.
Converting []rune to string seems to be inefficient.
caddy/caddyconfig/caddyfile/formatter.go Lines 130 to 132 in b9c40e7
Yeah that makes sense. We could limit it to like 16 or 32 chars, which is probably way longer than anyone would ever need.
Detailed Report: https://oss-fuzz.com/testcase?key=5957507767926784
Project: caddy
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz-format
Job Type: libfuzzer_asan_caddy
Platform Id: linux
Crash Type: Timeout (exceeds 60 secs)
Crash Address:
Crash State:
fuzz-format
Sanitizer: address (ASAN)
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_caddy&range=202401210622:202401220608
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5957507767926784
Issue on oss-fuzz tracker: Issue 66099
Minimized reproducer test case: clusterfuzz-testcase-minimized-fuzz-format-5957507767926784.txt