stack-overflow in yaml_emitter_anchor_node #226

nora-pxh · 2021-09-22T14:21:35Z

In the current version (0.2.5) use the following file to run fuzz.
https://github.com/google/oss-fuzz/blob/master/projects/libyaml/libyaml_dumper_fuzzer.c

# 0 0x0000000000565c6f in yaml_emitter_anchor_node () at dumper.c:213
# 1 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 2 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 3 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 4 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 5 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 6 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 7 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 8 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
......
# 104756 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104757 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104758 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104759 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104760 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104761 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104762 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104763 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104764 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104765 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104766 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104767 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104768 0x0000000000565ee1 in yaml_emitter_anchor_node () at dumper.c:220
# 104769 0x0000000000565449 in yaml_emitter_dump () at dumper.c:145
# 104770 0x000000000055787f in LLVMFuzzerTestOneInput () at /src/libyaml_dumper_fuzzer.c:255
# 104771 0x000000000045ae54 in ExecuteCallback () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599
# 104772 0x00000000004465c3 in RunOneTest () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323
# 104773 0x000000000044c28f in FuzzerDriver () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856
# 104774 0x0000000000475d43 in main () at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20

perlpunk · 2024-05-20T13:43:05Z

This should be fixed by google/oss-fuzz#11818 and is not a libyaml problem.
It's missing a reproducer file, but it looks like the exact same problem.
Closing

nora-pxh mentioned this issue Sep 22, 2021

fix heap buffer overflow in yaml_emitter_emit_flow_mapping_key and fix stack overflow in yaml_emitter_anchor_node #228

Closed

perlpunk closed this as completed May 20, 2024

perlpunk closed this as not planned Won't fix, can't repro, duplicate, stale May 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

stack-overflow in yaml_emitter_anchor_node #226

stack-overflow in yaml_emitter_anchor_node #226

nora-pxh commented Sep 22, 2021 •

edited

Loading

perlpunk commented May 20, 2024

stack-overflow in yaml_emitter_anchor_node #226

stack-overflow in yaml_emitter_anchor_node #226

Comments

nora-pxh commented Sep 22, 2021 • edited Loading

perlpunk commented May 20, 2024

nora-pxh commented Sep 22, 2021 •

edited

Loading