
Issue #2665 · sass/libsass · GitHub

Hey there, I have discovered a null pointer dereference in libsass at: inspect.cpp:1060:9

Found when fuzzing commit 60f8391 of libsass, using commit aa6d5c6 of sassc as a harness.

Compile flags to reproduce:

CC=clang CXX=clang++ CFLAGS='-fsanitize=address -g -O2 -fno-omit-frame-pointer' CXXFLAGS=$CFLAGS make -C sassc -j8

System information:

$ uname -a
Linux s127422 3.13.0-137-generic #186-Ubuntu SMP Mon Dec 4 19:09:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

This bug was found to be in libsass releases from 3.3.2 until the commit fuzzed (60f8391).

You can find a collection of PoC files that trigger the bug here

The full ASAN report is shown below:

↳ ./sassc.bin < crash.file
ASAN:DEADLYSIGNAL
=================================================================
==30272==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000818883 bp 0x7fffec548770 sp 0x7fffec548520 T0)
    #0 0x818882 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/glenn/temp/libsass/src/inspect.cpp:1060:9
    #1 0x818c95 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/glenn/temp/libsass/src/inspect.cpp:1076:15
    #2 0x819902 in Sass::Inspect::operator()(Sass::Selector_List*) /home/glenn/temp/libsass/src/inspect.cpp:1113:7
    #3 0x7fa9df in Sass::Output::operator()(Sass::Ruleset*) /home/glenn/temp/libsass/src/output.cpp:138:12
    #4 0x80029f in Sass::Inspect::operator()(Sass::Block*) /home/glenn/temp/libsass/src/inspect.cpp:32:7
    #5 0x54cc72 in Sass::Context::render(Sass::SharedImpl<Sass::Block>) /home/glenn/temp/libsass/src/context.cpp:506:5
    #6 0x5209d8 in sass_compiler_execute /home/glenn/temp/libsass/src/sass_context.cpp:506:44
    #7 0x51f6e1 in sass_compile_context(Sass_Context*, Sass::Context*) /home/glenn/temp/libsass/src/sass_context.cpp:376:7
    #8 0x51707d in compile_stdin /home/glenn/temp/findsass/sassc/sassc.c:138:5
    #9 0x517a8e in main /home/glenn/temp/findsass/sassc/sassc.c:375:18
    #10 0x7fa62309282f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x4456d8 in _start (/home/glenn/temp/findsass/sassc.bin+0x4456d8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/glenn/temp/libsass/src/inspect.cpp:1060:9 in Sass::Inspect::operator()(Sass::Complex_Selector*)
==30272==ABORTING
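Added example, not part of the issue above or of the libsass/sassc code: a small Python triage helper that parses an ASAN report of this shape, flags a SEGV at a near-zero address as a likely null pointer dereference (the reporter's diagnosis), and builds a file:line signature for de-duplicating fuzzer crashes. The embedded sample is constructed from a few lines of the report above; the regexes and the 0x1000 first-page threshold are the example's own assumptions.

```python
import os
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a few lines taken from the ASAN report quoted in the issue above.
SAMPLE_REPORT = """\
==30272==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000818883 bp 0x7fffec548770 sp 0x7fffec548520 T0)
    #0 0x818882 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/glenn/temp/libsass/src/inspect.cpp:1060:9
    #1 0x818c95 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/glenn/temp/libsass/src/inspect.cpp:1076:15
    #11 0x4456d8 in _start (/home/glenn/temp/findsass/sassc.bin+0x4456d8)
"""

# Assumed ASAN line shapes (error header, stack frame, "path:line[:column]" location).
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (.*)$")
LOC_RE = re.compile(r"^(.+?):(\d+)(?::\d+)?$")

Frame = NamedTuple("Frame", [("index", int), ("function", str), ("file", str), ("line", int)])
# kind is e.g. "SEGV" or "heap-buffer-overflow"; frames holds symbolized frames only, innermost first.
Crash = NamedTuple("Crash", [("kind", str), ("address", int), ("frames", List[Frame])])


def parse_asan_report(text: str) -> Optional[Crash]:
    """Parse an ASAN memory-access report (SEGV, *-overflow, use-after-free, ...)."""
    kind, address, frames = None, 0, []
    for line in text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            kind, address = m.group(1), int(m.group(2), 16)
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        # Function names can contain spaces, so split the location off from the right.
        func, _, loc = m.group(2).rpartition(" ")
        lm = LOC_RE.match(loc)
        if lm:  # unsymbolized frames like "_start (binary+0x...)" carry no file:line and are skipped
            frames.append(Frame(int(m.group(1)), func, lm.group(1), int(lm.group(2))))
    return Crash(kind, address, frames) if kind else None


def looks_like_null_deref(crash: Crash) -> bool:
    # A SEGV on the first page of the address space (assumed 0x1000 bytes) is almost
    # always a null or null-plus-small-offset pointer dereference, as in this issue.
    return crash.kind == "SEGV" and crash.address < 0x1000


def crash_signature(crash: Crash, depth: int = 3) -> str:
    """Bucket key for de-duplicating fuzzer crashes: kind plus the top `depth` file:line pairs."""
    return "|".join([crash.kind] + [f"{os.path.basename(f.file)}:{f.line}" for f in crash.frames[:depth]])
```

Running `crash_signature(parse_asan_report(SAMPLE_REPORT))` gives `SEGV|inspect.cpp:1060|inspect.cpp:1076`, so every PoC file from the same fuzzing run that lands on this stack collapses into one bucket.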
