We found with our fuzzer some stack overflow errors in `Sass::Eval::operator()` (eval.cpp, 45f5087) when compiled with AddressSanitizer (using sassc as the driver).
```
ASAN:SIGSEGV
=================================================================
==17362==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe362605b0 (pc 0x7f7c51f2f7fe bp 0x7ffe36261810 sp 0x7ffe36260510 T0)
#0 0x7f7c51f2f7fd in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:563
#1 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#2 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#3 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#4 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#5 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#6 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#7 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#8 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
...
#248 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#249 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#250 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#251 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
SUMMARY: AddressSanitizer: stack-overflow /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:563 Sass::Eval::operator()(Sass::Binary_Expression*)
==17362==ABORTING
```
hongxuchen changed the title from "Stack Over flow errors in Eval::operator()" to "AddressSanitizer: stack-overflow in Eval::operator() (eval.cpp:563)" on Jun 3, 2018
Sample input files:
test_s102.txt
test_s401.txt
test_s601.txt
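For triaging several crashing inputs like the ones listed above, the following added example (not part of the original report or of libsass) parses an AddressSanitizer trace, decides whether it is one function recursing into itself, and derives a signature for deduplicating inputs that hit the same bug. The `triage` helper, its 90% threshold and the shortened sample trace are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first frames of the trace above, shortened.
SAMPLE = """\
==17362==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe362605b0 (pc 0x7f7c51f2f7fe bp 0x7ffe36261810 sp 0x7ffe36260510 T0)
#0 0x7f7c51f2f7fd in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:563
#1 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#2 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
#3 0x7f7c51f2fe37 in Sass::Eval::operator()(Sass::Binary_Expression*) /home/hongxu/FUZZ/libsass-orig/src/eval.cpp:595
...
"""

ERROR = re.compile(r"ERROR: AddressSanitizer: (\S+)")
# Symbolized frame: "#N 0xADDR in FUNCTION FILE:LINE[:COL]".
# Unsymbolized frames ("(module+0xoff)") are skipped on purpose.
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+?):(\d+)(?::\d+)?\s*$")

def triage(report):
    """Classify an ASan report and build a dedup signature from it."""
    kind, frames = None, []
    for line in report.splitlines():
        if kind is None and (m := ERROR.search(line)):
            kind = m.group(1)
        if m := FRAME.match(line):
            func, path, lineno = m.groups()
            frames.append((func, path.rsplit("/", 1)[-1], int(lineno)))
    if not frames:
        return None
    func, count = Counter(f[0] for f in frames).most_common(1)[0]
    # Frames below #0 are return addresses, so their file:line is the
    # call site through which the dominant function re-enters itself.
    sites = Counter(f[1:] for f in frames[1:] if f[0] == func)
    call_site = sites.most_common(1)[0][0] if sites else None
    recursive = (kind == "stack-overflow" and count >= 3
                 and count / len(frames) >= 0.9)
    where = call_site or frames[0][1:]
    return {
        "kind": kind,
        "function": func,
        "call_site": call_site,
        "recursive": recursive,
        "signature": f"{kind}:{func}@{where[0]}:{where[1]}",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Inputs whose reports yield the same `signature` can be filed as one issue.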