This repository was archived by the owner on Oct 24, 2025. It is now read-only.

AddressSanitizer: stack-overflow at IMPLEMENT_AST_OPERATORS expansion #2660

@hongxuchen

We found with our fuzzer some stack overflow errors when executing the IMPLEMENT_AST_OPERATORS expansion inside ast.cpp (the exact line may differ, 2163 or 2164, when compiled with different optimizations; 45f5087) when compiled with AddressSanitizer (using sassc as the driver).

ASAN:SIGSEGV
=================================================================
==17364==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe07614ff8 (pc 0x7f79ff50c279 bp 0x0000000000e8 sp 0x7ffe07614ff0 T0)
    #0 0x7f79ff50c278 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xb0278)
    #1 0x7f79ff50bd67 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xafd67)
    #2 0x7f79ff47ef4f (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22f4f)
    #3 0x7f79ff4f54fe in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x994fe)
    #4 0x7f79fedf58ea in Sass::Compound_Selector::copy() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2163
    #5 0x7f79fede080a in Sass::Compound_Selector::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2163
    #6 0x7f79fedee303 in Sass::Complex_Selector::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1490
    #7 0x7f79fede08b7 in Sass::Complex_Selector::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2164
    #8 0x7f79fedee48c in Sass::Complex_Selector::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1491
    #9 0x7f79fede08b7 in Sass::Complex_Selector::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2164
    #10 0x7f79fedee48c in Sass::Complex_Selector::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1491
    #11 0x7f79fede08b7 in Sass::Complex_Selector::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2164
    #12 0x7f79fedebda7 in Sass::Selector_List::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1504
    #13 0x7f79fede09b7 in Sass::Selector_List::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2170
    ...
    #248 0x7f79fedee48c in Sass::Complex_Selector::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1491
    #249 0x7f79fede08b7 in Sass::Complex_Selector::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2164
    #250 0x7f79fedebda7 in Sass::Selector_List::cloneChildren() /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:1504
    #251 0x7f79fede09b7 in Sass::Selector_List::clone() const /home/hongxu/FUZZ/libsass-orig/src/ast.cpp:2170
SUMMARY: AddressSanitizer: stack-overflow ??:0 ??
==17364==ABORTING

Sample input files:
test_s201.txt
test_s202.txt
test_s204.txt
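The trace above shows clone() and cloneChildren() alternating once per nesting level until the stack is exhausted, so the stack consumed depends on how deeply the input selector is nested rather than on its size. The following is an added illustration, not libsass code and not the reporter's: a toy tree with an unbounded recursive copy next to a variant that refuses input nested beyond an assumed limit. Node, makeChain, cloneBounded and kMaxDepth are names invented for this example, and the depth limit is one possible mitigation, not a description of how libsass addressed the report.

```cpp
// Added illustration, not libsass code. Models the clone() ->
// cloneChildren() -> clone() recursion from the ASan trace on a toy tree
// and adds a hypothetical depth guard (Node, makeChain, cloneBounded and
// kMaxDepth are assumptions for this example, not a libsass API).
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct Node {
    std::string name;
    std::vector<std::unique_ptr<Node>> children;
};

// Unbounded recursive copy: each nesting level costs a stack frame, so a
// sufficiently deep input exhausts the stack regardless of total node count.
std::unique_ptr<Node> cloneUnbounded(const Node& n) {
    auto out = std::make_unique<Node>();
    out->name = n.name;
    for (const auto& c : n.children)
        out->children.push_back(cloneUnbounded(*c));
    return out;
}

// Depth-bounded variant: rejects input nested kMaxDepth levels or deeper with
// an exception instead of recursing until the stack is gone.
constexpr std::size_t kMaxDepth = 256;  // assumed limit for the example

std::unique_ptr<Node> cloneBounded(const Node& n, std::size_t depth = 0) {
    if (depth >= kMaxDepth)
        throw std::runtime_error("nesting too deep: " + std::to_string(depth));
    auto out = std::make_unique<Node>();
    out->name = n.name;
    for (const auto& c : n.children)
        out->children.push_back(cloneBounded(*c, depth + 1));
    return out;
}

// Constructed input: a chain nested `levels` deep, standing in for a
// fuzzer-generated selector with that many nested parts.
std::unique_ptr<Node> makeChain(std::size_t levels) {
    auto root = std::make_unique<Node>();
    root->name = "root";
    Node* cur = root.get();
    for (std::size_t i = 0; i < levels; ++i) {
        auto child = std::make_unique<Node>();
        child->name = "n" + std::to_string(i);
        cur->children.push_back(std::move(child));
        cur = cur->children.back().get();
    }
    return root;
}

// Iterative depth count along the first-child path, used to check clones
// without adding another recursive walk.
std::size_t chainDepth(const Node& root) {
    std::size_t d = 0;
    const Node* cur = &root;
    while (!cur->children.empty()) {
        cur = cur->children.front().get();
        ++d;
    }
    return d;
}

// Depth of the unbounded clone of a chain `levels` deep.
std::size_t unboundedCloneDepth(std::size_t levels) {
    return chainDepth(*cloneUnbounded(*makeChain(levels)));
}

// True if the bounded clone accepts a chain `levels` deep, false if it throws.
bool boundedCloneAccepts(std::size_t levels) {
    auto tree = makeChain(levels);
    try {
        cloneBounded(*tree);
        return true;
    } catch (const std::runtime_error&) {
        return false;
    }
}

int main() {
    // A chain of 100 copies either way; a chain of 1000 is rejected by the
    // bounded clone before it can recurse that far.
    return (unboundedCloneDepth(100) == 100 && boundedCloneAccepts(100) &&
            !boundedCloneAccepts(1000)) ? 0 : 1;
}
```

Under ASan the unbounded version fails in the same way as the trace above once the chain is deep enough for the default stack; the bounded version turns that crash into a deterministic parse error, which is the usual choice when the input format has no legitimate reason to nest hundreds of levels deep.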
