(smile) Handle sequence of Smile header markers without recursion #268

Closed
cowtowncoder opened this issue Mar 30, 2021 · 0 comments
Labels
fuzz Issue found by OssFuzz
@cowtowncoder
Member

(found by ossfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32665)

A sequence of 4-byte Smile header markers is technically legal (even if generally useless), and the current handling that uses recursion can be problematic if caller feeds parser a very long sequence (in thousands of markers).
Code should be changed to avoid recursive calls.

@cowtowncoder cowtowncoder added this to the 2.12.3 milestone Mar 30, 2021
@cowtowncoder cowtowncoder added 2.12 fuzz Issue found by OssFuzz labels Apr 5, 2021
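
The failure mode described in the issue, as an added Java example that is not part of the original issue and is not Jackson's own code: a simplified reader (hypothetical class and method names) that skips repeated 4-byte Smile header markers once recursively and once with a loop. The input is constructed, and the marker count at which the recursive form overflows depends on the JVM's thread stack size.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class SmileHeaderSkipDemo {
    // Smile header marker: ':' ')' '\n' followed by one version/flags byte.
    static final int H1 = 0x3A, H2 = 0x29, H3 = 0x0A;

    // Consumes the 3 bytes after the leading ':' and rejects a malformed or truncated header.
    static void readRestOfHeader(InputStream in) throws IOException {
        int b2 = in.read(), b3 = in.read(), flags = in.read();
        if (b2 != H2 || b3 != H3 || flags < 0) {
            throw new IOException("Malformed or truncated Smile header");
        }
    }

    // Recursive shape (hypothetical): one stack frame per header marker.
    static int nextTokenByteRecursive(InputStream in) throws IOException {
        int b = in.read();
        if (b != H1) return b;
        readRestOfHeader(in);
        return nextTokenByteRecursive(in);
    }

    // Iterative shape (hypothetical): constant stack depth for any number of markers.
    static int nextTokenByteIterative(InputStream in) throws IOException {
        int b;
        while ((b = in.read()) == H1) {
            readRestOfHeader(in);
        }
        return b;
    }

    public static void main(String[] args) throws IOException {
        int headers = 1_000_000;             // constructed input size
        byte[] doc = new byte[headers * 4 + 1];
        for (int i = 0; i < headers; i++) {
            doc[4 * i] = H1; doc[4 * i + 1] = H2; doc[4 * i + 2] = H3;
            doc[4 * i + 3] = 0x01;           // version 0, shared-names flag
        }
        doc[doc.length - 1] = (byte) 0xFA;   // Smile START_OBJECT token
        System.out.printf("iterative: 0x%X%n", nextTokenByteIterative(new ByteArrayInputStream(doc)));
        try {
            System.out.printf("recursive: 0x%X%n", nextTokenByteRecursive(new ByteArrayInputStream(doc)));
        } catch (StackOverflowError e) {
            System.out.println("recursive: StackOverflowError");
        }
    }
}
```

Because `StackOverflowError` is an `Error` rather than an `Exception`, callers that only catch `IOException` around parsing do not see it as a parse failure, which is why removing the recursion is preferable to relying on callers to handle it.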