Crash in searchKeys

The following code causes a panic in the searchKeys function:

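```go
package fuzz

import (
	"testing"

	"github.com/buger/jsonparser"
)

func TestFuzzCrasher(t *testing.T) {
	// Malformed 6-byte input, written as a raw string literal.
	crasher := []byte(`{{{"":`)
	jsonparser.GetInt(crasher, "a", "b") // panics inside searchKeys
}
```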

Here is the panic output:

panic: runtime error: index out of range [2] with length 2

goroutine 1 [running]:
github.com/buger/jsonparser.searchKeys(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0xffffffffffffffff)
    /Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:264 +0xef5
github.com/buger/jsonparser.internalGet(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x0, 0xc000000180, 0xc000088d70, 0x1031f50, ...)
    /Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:876 +0x3b5
github.com/buger/jsonparser.Get(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x1052a72, 0x10442bc, 0x1054ab0, 0xc000088e08, ...)
    /Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:870 +0x8b
github.com/buger/jsonparser.GetInt(0x4010000, 0x6, 0x6, 0xc000088e50, 0x2, 0x2, 0x1a22912800000000, 0x5daa1a76, 0xc000088e70)
    /Users/thomasleroy/Software/go/src/github.com/buger/jsonparser/parser.go:1140 +0x8b
_/Users/thomasleroy/Security/Fuzzing/Go-fuzz.Fuzz(0x4010000, 0x6, 0x6, 0x3)
    /Users/thomasleroy/Security/Fuzzing/Go-fuzz/jsonparser.go:8 +0x95
go-fuzz-dep.Main(0xc000088f48, 0x1, 0x1)
    go-fuzz-dep/main.go:36 +0x1ad
main.main()
    _/Users/thomasleroy/Security/Fuzzing/Go-fuzz/go.fuzz.main/main.go:15 +0x52
exit status 2

The function also crashes if you call GetInt(crasher, "a").
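
The bug class the panic message points to, as an added example that is not part of the original report and is not jsonparser's code: `findKey` is a hypothetical, simplified scanner built on the assumption that nesting depth is used as an index into the requested key path. Without a bounds check, the crasher above nests deeper than the path is long and reproduces the same out-of-range index; the checked variant returns "not found" instead.

```go
package main

import (
	"errors"
	"fmt"
)

var errNotFound = errors.New("key path not found")

// findKey is a constructed model of a key-path scanner, not jsonparser's code.
// Assumption: nesting depth selects which element of keys to compare against.
// With checked == false, depth is used as an index with no bounds check.
func findKey(data []byte, checked bool, keys ...string) (offset int, err error) {
	defer func() { // report a panic as an error so both variants can be compared
		if r := recover(); r != nil {
			offset, err = -1, fmt.Errorf("scanner panicked: %v", r)
		}
	}()
	depth := 0
	for i := 0; i < len(data); i++ {
		switch data[i] {
		case '{':
			depth++
		case '}':
			depth--
		case '"':
			start := i + 1
			for i = start; i < len(data) && data[i] != '"'; i++ {
			}
			if depth < 1 || i+1 >= len(data) || data[i+1] != ':' {
				continue // not an object key (or an unterminated string)
			}
			if checked && depth > len(keys) {
				continue // nested deeper than the requested path: cannot match
			}
			if keys[depth-1] == string(data[start:i]) && depth == len(keys) {
				return i + 2, nil // offset of the value after the `":`
			}
		}
	}
	return -1, errNotFound
}

func main() {
	crasher := []byte(`{{{"":`) // input from the report above
	fmt.Println(findKey(crasher, false, "a", "b"))
	fmt.Println(findKey(crasher, true, "a", "b"))
}
```

In a service that parses untrusted JSON, an unrecovered panic like this terminates the process, so the bounds check belongs in the parser rather than in each caller.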