According to the error message, the problem is caused by the conversion of the base class and the derived class.
Sass::Unary_Expression, static_cast will not perform security checks during the downcast conversion, resulting in the error. This problem can be avoided by changing static_cast to dynamic_cast.
I think this can solve the problem. Maintainer, please check this @hcatlin
@qweryzh can you explain what you are doing to trigger this error? Are you running a specific bit of Sass to compile? Are you trying to run libsass in some specific environment?
@hcatlin This occurs when I am running fuzz test cases. You can download the test environment from https://github.com/google/oss-fuzz.git
and perform the following steps:
1. build
python3 infra/helper.py build_fuzzers --sanitizer undefined libsass
2. run
python3 infra/helper.py run_fuzzer libsass data_context_fuzzer -rss_limit_mb=0
src/memory/shared_ptr.hpp:202:17: runtime error: downcast of address 0x000003638870 which does not point to an object of type 'Sass::PreValue'
0x000003638870: note: object is of type 'Sass::Unary_Expression'
00 00 00 00 48 ff c7 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 84 63 03
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Sass::Unary_Expression'
#0 0x6a037f in Sass::SharedImpl<Sass::PreValue>::SharedImpl<Sass::Expression>(Sass::Expression*) /src/libsass/src/memory/shared_ptr.hpp:202:17
#1 0x653594 in Sass::Parser::parse_selector_schema(char const*, bool) /src/libsass/src/parser.cpp:576:24
#2 0x6549cb in Sass::Parser::parse_ruleset(Lookahead) /src/libsass/src/parser.cpp:516:17
#3 0x648a0d in Sass::Parser::parse_block_node(bool) /src/libsass/src/parser.cpp:260:21
#4 0x644b10 in Sass::Parser::parse_block_nodes(bool) /src/libsass/src/parser.cpp:171:11
#5 0x6434c1 in Sass::Parser::parse() /src/libsass/src/parser.cpp:97:5
#6 0x587661 in Sass::Context::register_resource(Sass::Include const&, Sass::Resource const&) /src/libsass/src/context.cpp:307:24
#7 0x590e16 in Sass::Data_Context::parse() /src/libsass/src/context.cpp:621:5
#8 0x4c456a in Sass::sass_parse_block(Sass_Compiler*) /src/libsass/src/sass_context.cpp:181:31
#9 0x4c4347 in sass_compiler_parse /src/libsass/src/sass_context.cpp:435:22
#10 0x4c3f1c in sass_compile_context(Sass_Context*, Sass::Context*) /src/libsass/src/sass_context.cpp:318:7
#11 0x4c1bc3 in LLVMFuzzerTestOneInput /src/data_context_fuzzer.cc:26:3
#12 0x452eb1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#13 0x43e212 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:296:6
#14 0x4442a7 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:776:9
#15 0x46c8f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#16 0x7fc7b762682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#17 0x418828 in _start (/out/data_context_fuzzer+0x418828)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/memory/shared_ptr.hpp:202:17 in
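The downcast reported above, reduced to a stand-alone sketch of the checked alternative. This is an added example, not libsass code and not part of the original thread: the three structs are hypothetical stand-ins that reuse the type names from the report, their inheritance is assumed, and `CheckedImpl` and `read_prevalue` are illustrative names.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the types named in the sanitizer report.
struct Expression { virtual ~Expression() = default; };
struct PreValue : Expression { int value = 7; };
struct Unary_Expression : Expression { char op = '-'; };

// Simplified holder modelled on the converting constructor in frame #0:
// it accepts a pointer to a related type U and stores it as T*.
template <class T>
class CheckedImpl {
  T* node_;
public:
  // dynamic_cast consults the object's run-time type, so a mismatch
  // yields nullptr. static_cast<T*>(node) would also compile here, but
  // is undefined behaviour whenever *node is not actually a T.
  template <class U>
  explicit CheckedImpl(U* node) : node_(dynamic_cast<T*>(node)) {}
  bool isNull() const { return node_ == nullptr; }
  T* ptr() const { return node_; }
};

// Caller side: the result of the checked cast has to be tested, or the
// type confusion only turns into a null dereference.
// Returns the PreValue payload, or -1 for any other node type.
int read_prevalue(Expression* e) {
  CheckedImpl<PreValue> pv(e);
  if (pv.isNull()) return -1;
  return pv.ptr()->value;
}

int main() {
  PreValue ok;
  Unary_Expression wrong;
  std::printf("PreValue         -> %d\n", read_prevalue(&ok));
  std::printf("Unary_Expression -> %d\n", read_prevalue(&wrong));
  return 0;
}
```

The checked cast needs RTTI and a polymorphic source type, and every call site that can receive a mismatched node has to handle the null result.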