AddressSanitizer: stack-overflow at IMPLEMENT_AST_OPERATORS expansion #2660
Comments
Thanks for the report.

The three cases from the original post no longer fail.

A simple reproduction:

    :not(f(x)) {
      color: red;
      @extend x;
    }

sassc: Stack Overflow.
dart-sass:
ruby-sass:

This is fixed on master (not sure by which commit)
Can you please explain where the fix commit is? And what is the specific version that contains this fix? NVD says about the vulnerability CVE-2018-19838: "In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy()." with a reference to this issue #2660.
We found with our fuzzer some stack overflow errors when executing on IMPLEMENT_AST_OPERATORS expansion inside ast.cpp (exact lines may differ, 2163 or 2164 when compiled with different optimizations, 45f5087) when compiled with AddressSanitizer (using sassc as the driver).

Sample input files:
test_s201.txt
test_s202.txt
test_s204.txt