XML: fuzzing stack overflow #4629
Comments
|
Need to limit the maximum depth of the DOM to prevent this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Status: New
Owner: ----
CC: a...@adalogics.com, guen...@pocoproject.org, a...@pocoproject.org
Labels: Restrict-View-Commit ClusterFuzz Reproducible Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux Proj-poco Reported-2024-08-06
Type: Bug
New issue 70994 by ClusterFuzz-External: poco:xml_parser_fuzzer: Stack-overflow in Poco::XML::AbstractContainerNode::~AbstractContainerNode
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70994
Detailed Report: https://oss-fuzz.com/testcase?key=6577818702512128
Project: poco
Fuzzing Engine: libFuzzer
Fuzz Target: xml_parser_fuzzer
Job Type: libfuzzer_msan_poco
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffc69db5f88
Crash State:
Poco::XML::AbstractContainerNode::~AbstractContainerNode
Poco::XML::Element::~Element
Sanitizer: memory (MSAN)
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_poco&range=202408050612:202408060606
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6577818702512128
The text was updated successfully, but these errors were encountered: