Bug 1643760

Summary: There is a Segmentation fault at Sass::Eval::operator in libsass3.5-stable.
Product: [Fedora] Fedora Reporter: shuitao gan <ganshuitao>
Component: libsass Assignee: Aurelien Bompard <aurelien>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 31 CC: aurelien, ganshuitao, henri, iamleot+rhbugzilla, mcatanza
Hardware: All   
OS: All   
Last Closed: 2020-11-02 15:16:23 UTC Type: Bug
Attachments:
Description Flags
./sassc POC1 none

Description shuitao gan 2018-10-28 13:14:18 UTC
version: libsass3.5-stable
Summary: 

There is a Segmentation fault at Sass::Eval::operator in libsass3.5-stable. 



$./sassc POC1
Segmentation fault

The GDB debugging information is as follows:


(gdb) set args POC1
(gdb) r

Program received signal SIGSEGV, Segmentation fault.
0x00000000004a0d23 in Sass::Eval::operator()(Sass::Binary_Expression*) ()

...

Comment 1 Leonardo Taccari 2018-11-13 10:32:21 UTC
Hello shuitao,
is this the same problem as:

 https://bugzilla.redhat.com/show_bug.cgi?id=1482397

(and CVE-2017-12964)?


Thanks!

Comment 2 Henri Salo 2018-11-13 18:59:02 UTC
Please attach POC1 to this issue report, thank you.

Comment 3 shuitao gan 2018-11-14 02:54:09 UTC
It's triggered in the latest version.

Comment 4 shuitao gan 2018-11-14 02:54:57 UTC
Created attachment 1505523
./sassc POC1

Comment 5 Ben Cotton 2019-08-13 16:51:28 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 6 Ben Cotton 2019-08-13 19:41:31 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 7 Michael Catanzaro 2020-11-02 15:16:23 UTC
Red Hat Bugzilla is not an appropriate forum for reporting security bugs in upstream components. As you can see, your bug report here has been ignored for several years, and will likely continue to be ignored, so I'm going to go ahead and close it. Please feel free to report this upstream if you want the developers to look at it.