Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stack overflow with recursive refs #200

Open
tyler92 opened this issue Oct 20, 2024 · 3 comments
Open

Stack overflow with recursive refs #200

tyler92 opened this issue Oct 20, 2024 · 3 comments

Comments

@tyler92
Copy link
Contributor

tyler92 commented Oct 20, 2024

Example:

[
    {
        "description": "recursive ref",
        "schema": {
            "items": [
                {"$ref": "#/items/0"}
            ]
        },
        "tests": [ ]
    }
]

Address sanitizer report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1872324==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe150bea88 (pc 0x55dfc89a4c0f bp 0x7ffe150bf2d0 sp 0x7ffe150bea90 T0)
    #0 0x55dfc89a4c0f in __asan_memcpy (valijson/myfuzzing/prefix/bin/fuzzer+0x16ec0f) (BuildId: fb50edf90e4b5e099f651da860e13ff632c933ef)
    #1 0x55dfc8aaec60 in valijson::adapters::BasicAdapter<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonArray<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonObjectMember<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonObject<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonValue<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::BasicAdapter(valijson::adapters::BasicAdapter<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonArray<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonObjectMember<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonObject<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>, valijson::adapters::GenericRapidJsonValue<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>> const&) valijson/myfuzzing/cmake-build/../../include/valijson/internal/basic_adapter.hpp:83:7
    #2 0x55dfc8aaeb5a in valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>::GenericRapidJsonAdapter(valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&) valijson/myfuzzing/cmake-build/../../include/valijson/adapters/rapidjson_adapter.hpp:611:7
    #3 0x55dfc8bc2c1c in valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> valijson::internal::json_pointer::resolveJsonPointer<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, __gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>) valijson/myfuzzing/cmake-build/../../include/valijson/internal/json_pointer.hpp:166:16
    #4 0x55dfc8bc3a83 in valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> valijson::internal::json_pointer::resolveJsonPointer<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, __gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>) valijson/myfuzzing/cmake-build/../../include/valijson/internal/json_pointer.hpp:220:20
    #5 0x55dfc8bc4110 in valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> valijson::internal::json_pointer::resolveJsonPointer<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, __gnu_cxx::__normal_iterator<char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>) valijson/myfuzzing/cmake-build/../../include/valijson/internal/json_pointer.hpp:244:16
    #6 0x55dfc8b5a28a in valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> valijson::internal::json_pointer::resolveJsonPointer<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) valijson/myfuzzing/cmake-build/../../include/valijson/internal/json_pointer.hpp:266:12
    #7 0x55dfc8b80507 in valijson::Subschema const* valijson::SchemaParser::makeOrReuseSchema<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::Schema&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, valijson::SchemaParser::FunctionPtrs<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::FetchDoc, valijson::Subschema const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const*, valijson::SchemaParser::DocumentCache<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::Type&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, valijson::Subschema const*, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, valijson::Subschema const*>>>&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) valijson/schema_parser.hpp:489:17
    #8 0x55dfc8b80610 in valijson::Subschema const* valijson::SchemaParser::makeOrReuseSchema<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::Schema&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, valijson::SchemaParser::FunctionPtrs<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::FetchDoc, valijson::Subschema const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const*, valijson::SchemaParser::DocumentCache<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::Type&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, valijson::Subschema const*, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, valijson::Subschema const*>>>&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) valijson/schema_parser.hpp:496:16
    #9 0x55dfc8b80610 in valijson::Subschema const* valijson::SchemaParser::makeOrReuseSchema<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>(valijson::Schema&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>> const&, std::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, valijson::SchemaParser::FunctionPtrs<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::FetchDoc, valijson::Subschema const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const*, valijson::SchemaParser::DocumentCache<valijson::adapters::GenericRapidJsonAdapter<rapidjson::GenericValue<rapidjson::UTF8<char>, rapidjson::MemoryPoolAllocator<rapidjson::CrtAllocator>>>>::Type&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, valijson::Subschema const*, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const, valijson::Subschema const*>>>&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) valijson/schema_parser.hpp:496:16
    ...
@tyler92 tyler92 mentioned this issue Oct 20, 2024
Merged
@tristanpenman
Copy link
Owner

tristanpenman commented Oct 22, 2024
edited
Loading

Awesome work @tyler92 - all of your PRs have been merged. Thanks for the contribution! 🔥

Now I'll just let the dust settle for a few days before cutting a new release. If there are any issues with the fuzzing changes downstream, we should know with a day or two.

@tyler92
Copy link
Contributor Author

tyler92 commented Oct 22, 2024

Probably I created too many PRs 🙂 . This issue is not solved and it's better to reopen it. Just in case, here is an overview of my PRs/issues:

I think it's OK that fuzzing merged, in the worst case you will receive an e-mail from oss-fuzz about that bug later

@tristanpenman tristanpenman reopened this Oct 22, 2024
@tristanpenman
Copy link
Owner

My bad 🤦 I didn't look at the description closely enough and mixed it up with the PR for fixing unresolved references.

I'll leave this open until the issue is correctly resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tristanpenman @tyler92