Stack-overflow occured when parsing a bad json file

[bladchan]

Hi,

I'm playing fuzzing and I found a stack-overflow issue when parsing a bad json file

Environment: Ubuntu 18.04 + gcc 7.5.0

Poc stack_overflow.zip

Driver program:

// test.cc
#include "tao/json.hpp"
#include "tao/json/contrib/traits.hpp"

int main(int argc, char** argv){
	
	if ( argc != 2 ) return -1;
	const tao::json::value v = tao::json::from_file( argv[1] );
	return 0;
	
}

To reproduce:

1. Compile the driver program with ASAN:

 g++ -fsanitize=address -o harness -std=c++17 -lstdc++fs

2. Run poc:

./test ./stack_overflow.json

ASAN says:
There is too much stack information need to attach, so I save the information into a file.
asan_report.txt

[ColinH]

By default there is no protection against excessive stack use. This is to not produce any overhead in cases where such a protection is not necessary, for example when the size of the JSON input is limited "enough".

For cases where such a protection is required the modularity of the library makes it relatively easy to use the included limit_nesting_depth Events transformer to enforce a user-defined limit on the nesting depth of Arrays and Objects.

[bladchan]

Indeed, thanks for your quick reply.