35975: jsoup:HtmlFuzzer: Uncaught exception in org.jsoup.parser.HtmlTreeBuilder.process #1577
Comments
Doesn't repro for me - fixed by another commit?
Haven't been able to repro - I will wait for the next execution of the fuzzer with updated fixes and review.
Shows as still reproducing, but I can't repro with the attached sample. Thinking that it might be a character encoding issue, I tried every charset on my platform but still could not repro. I'm not sure what I'm missing.
OK got it! By dropping my stack size way down (256K hits it). I guess the fuzzer is optimizing the sample data for its specific stack size :)
Fixed -- I think this is a gap in the spec? AFAICT I am processing according to the rules in https://html.spec.whatwg.org/multipage/parsing.html#parsing-main-intable - but there exist states where the resetInsertionMode will leave it in the InTable state, and so reprocessing the current token will recurse and eventually overflow. Fixed by testing that the mode changed and if not, inserting directly. Also fixed up a couple of other processing states.
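The two techniques in the comments above, reproducing a recursion-depth crash on a deliberately small thread stack and guarding a "reset mode, then reprocess" step so that it cannot loop when the mode does not change, as an added illustration that is not jsoup's code. `Mode`, `Token`, `ToyTreeBuilder` and `runWithStack` are invented for the example; the toy `resetInsertionMode` is a stand-in for the real one and always lands back in the table mode, so the unguarded path recurses without bound. The stack size passed to `Thread` is a hint that the JVM may ignore on some platforms.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Added example (not jsoup code): a minimal insertion-mode state machine whose
 * "anything else" branch resets the mode and reprocesses the token. When the
 * reset leaves the mode unchanged, reprocessing becomes unbounded recursion;
 * the guard inserts directly in that case, as the fix in the issue describes.
 */
public class ReprocessGuardDemo {
    enum Mode { IN_BODY, IN_TABLE }

    static final class Token {
        final String name;
        Token(String name) { this.name = name; }
    }

    static final class ToyTreeBuilder {
        private final boolean guarded;
        private final Deque<String> openElements = new ArrayDeque<>();
        private final Deque<String> inserted = new ArrayDeque<>();
        private Mode mode = Mode.IN_TABLE;

        ToyTreeBuilder(boolean guarded) {
            this.guarded = guarded;
            // Constructed stack shaped so that a reset resolves to IN_TABLE again.
            openElements.push("html");
            openElements.push("body");
            openElements.push("table");
        }

        /** Stand-in for resetInsertionMode: derive the mode from the open-element stack. */
        private void resetInsertionMode() {
            mode = openElements.contains("table") ? Mode.IN_TABLE : Mode.IN_BODY;
        }

        /** Process one token in the current mode and report what was done. */
        String process(Token t) {
            switch (mode) {
                case IN_BODY:
                    inserted.push(t.name);
                    return "inserted in body";
                case IN_TABLE:
                default:
                    Mode before = mode;
                    resetInsertionMode();
                    if (guarded && mode == before) {
                        // Guard from the fix: the mode did not change, so reprocessing
                        // would recurse forever; insert the element directly instead.
                        inserted.push(t.name);
                        return "inserted directly (mode unchanged)";
                    }
                    // Unguarded reprocessing: recurses without bound when mode is unchanged.
                    return process(t);
            }
        }
    }

    /**
     * Run a builder on a thread with an explicit (small) stack, the way the
     * maintainer reproduced the fuzzer's crash. Returns the builder's result or
     * the name of the error that escaped.
     */
    static String runWithStack(long stackBytes, boolean guarded) throws InterruptedException {
        String[] result = new String[1];
        Thread t = new Thread(null, () -> {
            try {
                result[0] = new ToyTreeBuilder(guarded).process(new Token("div"));
            } catch (StackOverflowError e) {
                result[0] = "StackOverflowError";
            }
        }, "small-stack", stackBytes);
        t.start();
        t.join();
        return result[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unguarded: " + runWithStack(256 * 1024, false));
        System.out.println("guarded:   " + runWithStack(256 * 1024, true));
    }
}
```

Running `main` prints `StackOverflowError` for the unguarded builder and `inserted directly (mode unchanged)` for the guarded one. The same thread-with-explicit-stack harness is a cheap way to make a parser test suite sensitive to recursion depth without changing the JVM-wide `-Xss` setting.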
This should help with issues such as jhy/jsoup#1577 (comment)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35975
Detailed Report: https://oss-fuzz.com/testcase?key=4820007715471360
Project: jsoup
Fuzzing Engine: libFuzzer
Fuzz Target: HtmlFuzzer
Job Type: libfuzzer_asan_jsoup
Platform Id: linux
Crash Type: Uncaught exception
Crash Address:
Crash State:
org.jsoup.parser.HtmlTreeBuilder.process
org.jsoup.parser.HtmlTreeBuilderState$9.process
java.base/java.lang.String.compareTo
Sanitizer: address (ASAN)
Recommended Security Severity: Low
Crash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_jsoup&revision=202107050606
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4820007715471360
Issue filed automatically.