json: Heap-buffer-overflow in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha

2016-12-28T23:00:22
ID OSSFUZZ-343
Type ossfuzz
Reporter Google
Modified 2017-02-24T03:32:15

Description

Project: https://github.com/nlohmann/json.git

Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6040962799239168

Project: json
Fuzzer: libFuzzer_json_fuzzer-parse_msgpack
Fuzz target binary: fuzzer-parse_msgpack
Job Type: libfuzzer_asan_json
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x603000000143
Crash State:
  nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha
  nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha
  _start

Recommended Security Severity: Medium

Regressed: https://clusterfuzz-external.appspot.com/revisions?job=libfuzzer_asan_json&range=201612280923:201612281110

Minimized Testcase (0.00 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv95NCMBh7AVb3p5HP2Yn5Au5Pwi80PXPp7Le6IBv-PDKP56X6ElvOlGqKpcdihUGYs_k0vO9657nHJkkvdxt4zFeiNgnXuvJPxzLtEit_svS5wKr0OrSnrEmal8lsVaIaAiLdo9oP3_8Dqy8SK6J2MN9ikU4mbzydYZ8HzxmHpGZRUGXtm-FsmPdpB-7jFMUpOy4c_cnq50Xvd2VYKp8Xz_NOZAlWgGpa0g6yeNWF4j7WY2tIVnQClLXLY_Gd_QSSC1kZBkjRiQ95_ArJ0a-tsNFk1Kh43C_4FRUPq6P3f23h94CuQIfeLsNLIT517JnjYVwEVt76JWrseXFPp1PC5xO32PZqbnlzZojC1O3c32RJk8Eb3mXZNktsw98DCXHN1f5W8Rv?testcase_id=6040962799239168

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.