Description
Stack-Overflow in libsass library
Version : master
Reproduce:
$./sassc poc15
poc download here:
https://github.com/lcytxw/libsass-collAfl/blob/master/poc15
ASAN debugging information:
Program received signal SIGSEGV, Segmentation fault.
0x000000000043f8d0 in strcmp ()
(gdb) bt
#0 0x000000000043f8d0 in strcmp ()
#1 0x00007ffff6e12353 in __cxxabiv1::__vmi_class_type_info::__do_dyncast(long, __cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info const*, void const*, __cxxabiv1::__class_type_info const*, void const*, __cxxabiv1::__class_type_info::__dyncast_result&) const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#2 0x00007ffff6e0f312 in __dynamic_cast () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x00007ffff75285cd in Sass::Cast<Sass::List> (ptr=0x7ffff7af6f60 ) at ast_fwd_decl.cpp:22
#4 0x00007ffff72ba31a in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:454
#5 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#6 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#7 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#8 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#9 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#10 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#11 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#12 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
#13 0x00007ffff72ba414 in Sass::Selector_List::operator== (this=0x611000051300, rhs=...) at ast.cpp:455
Credits:
This vulnerability was detected by team OWL337, with our custom fuzzer collAFL. Please contact [email protected] and [email protected] if you need more info about the team, the tool or the vulnerability.