This is a SEGV error due to reading at address 0x0 in Sass::Inspect::operator().
It happens in both (libsass 3.6.4 + sassc 3.6.1) and (libsass 3.6.5 + sassc 3.6.2) configurations.
POC file: https://github.com/zyingp/temp/blob/master/sass_crash2.scss
Build the code with ASan like: CC=clang CXX=clang++ CFLAGS="-g -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-g -fsanitize=address -fno-omit-frame-pointer" make -C sassc-3.6.1 -j8
In (libsass 3.6.4 + sassc 3.6.1), the output is:
$ ./sassc_asan sass_crash2.scss
WARNING on line 14, column 10 of /mnt/d/zyp/fuzzer/fuzzed_projects/ASAN_BUILDS/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
WARNING on line 28, column 9 of /mnt/d/zyp/fuzzer/fuzzed_projects/ASAN_BUILDS/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
WARNING on line 36, column 9 of /mnt/d/zyp/fuzzer/fuzzed_projects/ASAN_BUILDS/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
AddressSanitizer:DEADLYSIGNAL
==22973==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000009e62b0 bp 0x000000000000 sp 0x7fffe72e6090 T0)
==22973==The signal is caused by a READ memory access.
==22973==Hint: address points to the zero page.
#0 0x9e62af in Sass::Inspect::operator()(Sass::List*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:466:24
#1 0x9da914 in Sass::Inspect::operator()(Sass::Declaration*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:184:11
#2 0x9ca26a in Sass::Output::operator()(Sass::StyleRule*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/output.cpp:172:14
#3 0x9d3c10 in Sass::Inspect::operator()(Sass::Block*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:35:20
#4 0x59a80b in Sass::Block::perform(Sass::Operation) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/ast.hpp:510:5
#5 0x59a80b in Sass::Context::render(Sass::SharedImpl<Sass::Block>) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/context.cpp:498
#6 0x56989f in sass_compiler_execute /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/sass_context.cpp:454:53
#7 0x567ff2 in sass_compile_context(Sass_Context*, Sass::Context*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/sass_context.cpp:319:7
#8 0x5682da in sass_compile_file_context /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/sass_context.cpp:422:12
#9 0x55f520 in compile_file /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/sassc-3.6.1/sassc.c:158:5
#10 0x560afe in main /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/sassc-3.6.1/sassc.c:370:18
#11 0x7faae9491b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#12 0x466519 in _start (/mnt/d/zyp/fuzzer/fuzzed_projects/ASAN_BUILDS/sassc_asan+0x466519)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:466:24 in Sass::Inspect::operator()(Sass::List*)
==22973==ABORTING
In (libsass 3.6.5 + sassc 3.6.2), the output is:
$ ./sassc ../../sass_crash2.scss
WARNING on line 14, column 10 of /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
WARNING on line 28, column 9 of /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
WARNING on line 36, column 9 of /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sass_crash2.scss:
In Sass, "&&" means two copies of the parent selector. You probably want to use "and" instead.
AddressSanitizer:DEADLYSIGNAL
==22961==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000063dd44 bp 0x000000000000 sp 0x7fffd3a8f540 T0)
==22961==The signal is caused by a READ memory access.
==22961==Hint: address points to the zero page.
#0 0x63dd43 in Sass::Inspect::operator()(Sass::List*) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x63dd43)
#1 0x63bc1d in Sass::Inspect::operator()(Sass::Declaration*) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x63bc1d)
#2 0x6389cc in Sass::Output::operator()(Sass::StyleRule*) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x6389cc)
#3 0x63a9e1 in Sass::Inspect::operator()(Sass::Block*) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x63a9e1)
#4 0x53ebba in Sass::Context::render(Sass::SharedImpl<Sass::Block>) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x53ebba)
#5 0x52f24f in sass_compiler_execute (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x52f24f)
#6 0x52eb4e in sass_compile_context(Sass_Context*, Sass::Context*) (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x52eb4e)
#7 0x52b4a6 in compile_file /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/sassc.c:173:5
#8 0x52bdf8 in main /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/sassc.c:387:18
#9 0x7ff668091b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#10 0x432be9 in _start (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x432be9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mnt/d/zyp/fuzzer/fuzzed_projects/sass/2021-10-30/sassc-3.6.2/bin/sassc+0x63dd43) in Sass::Inspect::operator()(Sass::List*)
==22961==ABORTING
Found by Fuzzing.
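When a fuzzing campaign produces many reports like the two above, the first question is whether they are the same bug. The following is an added example (not code from this issue or from the libsass/sassc projects) of a small triage helper that parses an ASan report, classifies the fault, and derives a dedup bucket from the innermost target frame. The sample report embedded in it is constructed from the libsass 3.6.4 trace above, trimmed to the first three frames; the `Triage` class, the regexes and the 4096-byte "zero page" threshold are this example's own assumptions, not anything ASan or libsass defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the ASan report from the libsass 3.6.4 run above,
# trimmed to the first three frames. Real reports are read from stderr.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
==22973==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000009e62b0 bp 0x000000000000 sp 0x7fffe72e6090 T0)
==22973==The signal is caused by a READ memory access.
==22973==Hint: address points to the zero page.
    #0 0x9e62af in Sass::Inspect::operator()(Sass::List*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:466:24
    #1 0x9da914 in Sass::Inspect::operator()(Sass::Declaration*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:184:11
    #2 0x9ca26a in Sass::Output::operator()(Sass::StyleRule*) /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/output.cpp:172:14
SUMMARY: AddressSanitizer: SEGV /mnt/d/zyp/fuzzer/fuzzed_projects/sass/2020-06/libsass-3.6.4/src/inspect.cpp:466:24 in Sass::Inspect::operator()(Sass::List*)
==22973==ABORTING
"""

# "ERROR: AddressSanitizer: <kind> on [unknown] address 0x<addr>" (the address part is
# absent for some report kinds, e.g. stack-overflow, so it is optional here).
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address 0x([0-9a-f]+))?")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
# "#<n> 0x<pc> in <function> <location>"; function names may contain spaces
# (e.g. "f(A*, B*)"), so the location is the last whitespace-free token.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+?) (\S+)$")

# Assumption for this example: anything below 4096 is treated as the zero page,
# i.e. a null pointer plus a small field offset rather than a wild pointer.
ZERO_PAGE_LIMIT = 0x1000


@dataclass
class Triage:
    kind: str                        # e.g. "SEGV", "heap-buffer-overflow"
    access: Optional[str]            # "READ" / "WRITE" when ASan reports it
    address: Optional[int]           # faulting address, when present
    frames: List[Tuple[str, str]]    # (function, location), innermost first
    null_deref: bool                 # faulting address lies on the zero page

    def bucket(self) -> str:
        """Dedup key: bug class plus innermost non-runtime frame."""
        func, loc = self.frames[0] if self.frames else ("?", "?")
        return f"{self.kind}@{func}@{loc}"


def triage_asan(report: str) -> Triage:
    """Parse one ASan report (as printed to stderr) into a Triage record."""
    kind, address, access = "unknown", None, None
    frames: List[Tuple[str, str]] = []
    for line in report.splitlines():
        if m := ERROR_RE.search(line):
            kind = m.group(1)
            address = int(m.group(2), 16) if m.group(2) else None
        elif m := ACCESS_RE.search(line):
            access = m.group(1)
        elif m := FRAME_RE.match(line):
            func, loc = m.group(2), m.group(3)
            # Skip sanitizer/interceptor frames so the bucket reflects the target.
            if func.startswith("__asan") or func.startswith("__interceptor"):
                continue
            frames.append((func, loc))
    is_null = address is not None and address < ZERO_PAGE_LIMIT
    return Triage(kind, access, address, frames, is_null)


if __name__ == "__main__":
    t = triage_asan(SAMPLE_REPORT)
    print("kind:", t.kind, "access:", t.access, "null deref:", t.null_deref)
    print("bucket:", t.bucket())
```

Running this over the two reports in the issue yields the same bucket for both (SEGV in Sass::Inspect::operator()(Sass::List*)), which is the practical signal that the 3.6.4 and 3.6.5 crashes are one bug rather than two; the `null_deref` flag separates this class of unchecked-pointer faults from wild reads whose address would suggest a heap or stack corruption worth deeper exploitability analysis. Note that the 3.6.5 build in the issue was compiled without `-g`, so its frames carry only `binary+offset` locations and would bucket by function name alone.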