dynamic-stack-buffer-overflow in json_ptr::encode #1439

@kcwu

Description

lnav version
master

To Reproduce
Steps to reproduce the behavior:

  1. Build with ASAN.
  2. printf '{"######################################0"0}\x0a' | ./lnav.asan -n
==4072977==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffff31fb367 at pc 0x55555744de89 bp 0x7ffff31fb210 sp 0x7ffff31fb208
WRITE of size 1 at 0x7ffff31fb367 thread T1
    #0 0x55555744de88 in json_ptr::encode(char*, unsigned long, char const*, unsigned long) /home/kcwu/fuzz/targets/lnav/lnav/src/yajlpp/json_ptr.cc:211:37
    #1 0x55555744d8c4 in handle_map_key(void*, unsigned char const*, unsigned long) /home/kcwu/fuzz/targets/lnav/lnav/src/yajlpp/json_ptr.cc:124:20
    #2 0x55555744a327 in yajl_do_parse /home/kcwu/fuzz/targets/lnav/lnav/src/yajl/yajl_parser.c:402:25
    #3 0x555557451950 in json_ptr_walk::parse(unsigned char const*, long) /home/kcwu/fuzz/targets/lnav/lnav/src/yajlpp/json_ptr.cc:564:19
    #4 0x555556548abd in json_ptr_walk::parse(string_fragment const&) /home/kcwu/fuzz/targets/lnav/lnav/src/./yajlpp/json_ptr.hh:66:22
    #5 0x555556548440 in json_ptr_walk::parse_fully(string_fragment const&) /home/kcwu/fuzz/targets/lnav/lnav/src/./yajlpp/json_ptr.hh:73:29
    #6 0x55555654428c in lnav::piper::multiplex_matcher::match(string_fragment const&) /home/kcwu/fuzz/targets/lnav/lnav/src/piper.match.cc:50:13

found by afl++
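The trace above shows a one-byte write past a stack buffer inside a key encoder reached from the map-key callback. The report gives only the sanitizer output, not lnav's fix, so the following is an added example, not code from lnav or from this report: a bounds-checked JSON Pointer token encoder with an snprintf-style contract. RFC 6901 escaping expands `~` to `~0` and `/` to `~1`, so escaped output can be up to twice the input length; an encoder writing into a caller-supplied buffer must therefore bound its writes by the destination length, not the source length, and tell the caller how much space the full encoding needs. The function names (`encode_json_ptr_token`, `encode_json_ptr_token_str`, `would_truncate`) and the sample key are assumptions made for this example.

```cpp
// Added example (not lnav's code): a bounds-checked JSON Pointer token
// encoder. It never writes past dst + dst_len and returns the length the
// full escaped token needs (excluding the NUL), like snprintf, so a caller
// with a fixed stack buffer can detect truncation instead of overrunning.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Encode src[0..src_len) into dst, writing at most dst_len bytes including
// the terminating NUL when dst_len > 0. Passing dst_len == 0 (dst may be
// nullptr) only measures. Returns the size of the full encoding.
size_t encode_json_ptr_token(char* dst, size_t dst_len,
                             const char* src, size_t src_len)
{
    size_t needed = 0;   // bytes the full encoding requires
    size_t written = 0;  // bytes actually placed in dst

    auto put = [&](char c) {
        // Keep one slot free for the NUL terminator; count every byte so
        // the caller learns the real requirement even when truncated.
        if (dst_len > 0 && written + 1 < dst_len) {
            dst[written++] = c;
        }
        needed++;
    };

    for (size_t i = 0; i < src_len; i++) {
        switch (src[i]) {
            case '~': put('~'); put('0'); break;   // RFC 6901: "~" -> "~0"
            case '/': put('~'); put('1'); break;   // RFC 6901: "/" -> "~1"
            default:  put(src[i]); break;
        }
    }
    if (dst_len > 0) {
        dst[written] = '\0';
    }
    return needed;
}

// Convenience wrapper: measure first, then encode into a correctly sized
// std::string so nothing is ever truncated.
std::string encode_json_ptr_token_str(const std::string& key)
{
    size_t needed = encode_json_ptr_token(nullptr, 0, key.data(), key.size());
    std::string out(needed + 1, '\0');
    encode_json_ptr_token(&out[0], out.size(), key.data(), key.size());
    out.resize(needed);
    return out;
}

// True if encoding `key` into a dst_len-byte buffer (NUL included) would be
// cut short; a caller can then fall back to a heap buffer.
bool would_truncate(const std::string& key, size_t dst_len)
{
    size_t needed = encode_json_ptr_token(nullptr, 0, key.data(), key.size());
    return needed + 1 > dst_len;
}

int main()
{
    // Constructed sample: an 8-byte stack buffer and a key whose escaped
    // form needs 10 bytes plus NUL. The write stops at 7 chars + NUL.
    char small[8];
    std::memset(small, 'X', sizeof(small));
    size_t needed = encode_json_ptr_token(small, sizeof(small), "a/b~c/d", 7);
    std::printf("needed=%zu buffer=\"%s\"\n", needed, small);
    std::printf("full=%s\n", encode_json_ptr_token_str("a/b~c/d").c_str());
    return 0;
}
```

The measuring call with `dst_len == 0` is what makes the contract safe to use from a fixed-size stack buffer: the caller either checks `would_truncate` up front or compares the return value against its buffer size afterwards, and in both cases the encoder itself has already refused to write the extra bytes.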
