Bug 1643760 - There is a Segmentation fault at Sass::Eval::operator in libsass3.5-stable.
Summary: There is a Segmentation fault at Sass::Eval::operator in libsass3.5-stable.
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: libsass
Version: 31
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2018-10-28 13:14 UTC by shuitao gan
Modified: 2020-11-02 15:16 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-02 15:16:23 UTC
Type: Bug
Embargoed:


Attachments
./sassc POC1 (377 bytes, application/x-rar)
2018-11-14 02:54 UTC, shuitao gan

Description shuitao gan 2018-10-28 13:14:18 UTC
version: libsass3.5-stable
Summary: 

There is a Segmentation fault at Sass::Eval::operator in libsass3.5-stable. 



$./sassc POC1
Segmentation fault

The GDB debugging information is as follows:


(gdb) set args POC1
(gdb) r

Program received signal SIGSEGV, Segmentation fault.
0x00000000004a0d23 in Sass::Eval::operator()(Sass::Binary_Expression*) ()

...

Comment 1 Leonardo Taccari 2018-11-13 10:32:21 UTC
Hello shuitao,
is this the same problem as:

 https://bugzilla.redhat.com/show_bug.cgi?id=1482397

(and CVE-2017-12964)?


Thanks!

Comment 2 Henri Salo 2018-11-13 18:59:02 UTC
Please attach POC1 to this issue report, thank you.

Comment 3 shuitao gan 2018-11-14 02:54:09 UTC
It's triggered in latest version.

Comment 4 shuitao gan 2018-11-14 02:54:57 UTC
Created attachment 1505523
./sassc POC1

Comment 5 Ben Cotton 2019-08-13 16:51:28 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 6 Ben Cotton 2019-08-13 19:41:31 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 7 Michael Catanzaro 2020-11-02 15:16:23 UTC
Red Hat Bugzilla is not an appropriate forum for reporting security bugs in upstream components. As you can see, your bug report here has been ignored for several years, and will likely continue to be ignored, so I'm going to go ahead and close it. Please feel free to report this upstream if you want the developers to look at it.

