Stack overflow (50083) found by OSS-Fuzz · Issue #387 · FasterXML/jackson-dataformats-text
Dear jackson-dataformats-text developers,
Fuzzing has found a stack overflow in OSS-Fuzz with JVM Fuzzer Jazzer in jackson-dataformats-text. We have reviewed the finding and consider it security-related due to the potential of a denial of service.
Part of the crash stack trace:
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Stack overflow (use '-Xss921k' to reproduce)
at com.fasterxml.jackson.dataformat.toml.Parser.parseKeyVal(Parser.java:463)
at com.fasterxml.jackson.dataformat.toml.Parser.parseInlineTable(Parser.java:416)
at com.fasterxml.jackson.dataformat.toml.Parser.parseValue(Parser.java:229)
Caused by: java.lang.StackOverflowError
at com.fasterxml.jackson.dataformat.toml.Lexer.yylex(Lexer.java:755)
at com.fasterxml.jackson.dataformat.toml.Parser.poll(Parser.java:101)
at com.fasterxml.jackson.dataformat.toml.Parser.pollExpected(Parser.java:106)
at com.fasterxml.jackson.dataformat.toml.Parser.parseAndEnterKey(Parser.java:173)
at com.fasterxml.jackson.dataformat.toml.Parser.parseKeyVal(Parser.java:461)
at com.fasterxml.jackson.dataformat.toml.Parser.parseInlineTable(Parser.java:416)
at com.fasterxml.jackson.dataformat.toml.Parser.parseValue(Parser.java:229)
at com.fasterxml.jackson.dataformat.toml.Parser.parseKeyVal(Parser.java:463)
at com.fasterxml.jackson.dataformat.toml.Parser.parseInlineTable(Parser.java:416)
at com.fasterxml.jackson.dataformat.toml.Parser.parseValue(Parser.java:229)
at com.fasterxml.jackson.dataformat.toml.Parser.parseKeyVal(Parser.java:463)
at com.fasterxml.jackson.dataformat.toml.Parser.parseInlineTable(Parser.java:416)
at com.fasterxml.jackson.dataformat.toml.Parser.parseValue(Parser.java:229)
...
We have included a Reproducer zip which contains a README file that describes how to reproduce the issue.
Reproducer zip: 50083-jackson-dataformats-text-TOMLFuzzer.zip
We would appreciate it if you could take a look at the findings!
OSS-Fuzz Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
Hint: The provided OSS-Fuzz Issue links are only accessible if the issue gets fixed or if you are the maintainer of the OSS-Fuzz project.
Fuzz target: https://github.com/google/oss-fuzz/blob/master/projects/jackson-dataformats-text/TOMLFuzzer.java
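As an added illustration (not code from jackson-dataformats-text or the fuzz target): a minimal Python recursive-descent parser for TOML inline tables that reproduces the parseValue -> parseInlineTable -> parseKeyVal -> parseValue cycle from the trace above and adds the nesting cap that turns unbounded recursion into a controlled parse error. The `max_depth` value of 32 and the `nested_input` sample generator are assumptions for the example.

```python
import re

class TomlDepthError(ValueError):
    """Raised when inline-table nesting exceeds the configured limit."""

def parse_inline_tables(text, max_depth=32):
    """Parse a TOML-style inline table: bare keys, integers, nested tables."""
    if not re.fullmatch(r"[A-Za-z0-9_\s{}=,-]*", text):
        raise ValueError("unexpected character in input")
    tokens = [w or p for w, p in re.findall(r"\s*(?:([A-Za-z0-9_-]+)|([{}=,]))", text)]
    i = 0
    def next_tok(expected=None):
        nonlocal i
        if i >= len(tokens):
            raise ValueError("unexpected end of input")
        tok, i = tokens[i], i + 1
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        return tok
    def parse_value(depth):  # mirrors Parser.parseValue in the trace
        tok = next_tok()
        if tok == "{":
            return parse_inline_table(depth + 1)
        return int(tok)  # int() rejects anything that is not an integer literal
    def parse_inline_table(depth):  # mirrors Parser.parseInlineTable
        # parseValue -> parseInlineTable -> parseKeyVal -> parseValue is the
        # unbounded cycle in the trace; the cap makes it a parse error instead.
        if depth > max_depth:
            raise TomlDepthError(f"nesting depth {depth} exceeds limit {max_depth}")
        table = {}
        while True:
            key = next_tok()
            if key == "}" and not table:  # empty table: {}
                return table
            next_tok("=")
            table[key] = parse_value(depth)  # mirrors Parser.parseKeyVal
            sep = next_tok()
            if sep == "}":
                return table
            if sep != ",":
                raise ValueError(f"expected ',' or '}}', got {sep!r}")
    result = parse_value(0)
    if i != len(tokens):
        raise ValueError("trailing data after the value")
    return result

def nested_input(levels):  # constructed sample: {a={a=...1...}} nested `levels` deep
    return "{a=" * levels + "1" + "}" * levels
```

With the cap disabled (a very large `max_depth`), a few hundred nesting levels are enough to hit Python's RecursionError, the same failure mode as the StackOverflowError in the report. In Jackson itself, jackson-core 2.15 and later provide this kind of limit as `StreamReadConstraints.maxNestingDepth()`.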