Tencent / rapidjson

A fast JSON parser/generator for C++ with both SAX/DOM style API
http://rapidjson.org/

Stack buffer overflow crash when parsing #998

Open dan-ryan opened 7 years ago

dan-ryan commented 7 years ago

I'm trying out Xcode 9's sanitizer and it looks like I found a possible error.

If I have SSE turned on I'm getting a "stack buffer overflow" crash on the line const __m128i s = _mm_load_si128(reinterpret_cast<const __m128i *>(p)); where the value of p is "s\":[]}".

Code:

    #include "rapidjson/document.h"   // needed for Document; the two lines below go inside a function
    using namespace rapidjson;
    Document doc;
    doc.Parse("{\"CEInnings.notes\":[]}");   // input that triggers the sanitizer report
miloyip commented 7 years ago

I think this is a false alarm. Using SSE will read after the buffer due to 16-byte alignment, but this should be safe.

dan-ryan commented 7 years ago

Ok. It's odd that it only happens around a certain length. This will crash: { \"\": \"\" } (markdown is hiding some spaces). This won't: {\"\":\"\"}. It won't crash if you add a lot of spaces.
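The two observations in the thread, that the aligned SSE load reads past the end of the buffer without faulting and that the report only appears at certain lengths, can be reproduced without a sanitizer. The following is an added example in C, not rapidjson's code: the skip loop is a scalar model of the pattern the thread describes (fast path on the first byte, scalar scan to the next 16-byte boundary, then whole 16-byte blocks loaded from aligned addresses), the whitespace set, the arena the string is copied into, the offsets and every function name are this example's own assumptions, and the bounded variant is one way to keep the same block scan inside a buffer whose length is known. The arena keeps the measured over-read inside memory the program owns, so the demo is well defined and sanitizer-clean while touching exactly the addresses an aligned-load loop would touch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The string under test is copied into a 16-byte-aligned arena so the over-read
 * measured below stays inside memory we own (well defined, sanitizer-clean) while
 * touching exactly the addresses an aligned-load loop touches. Demo's own names. */
#define ARENA_SIZE 64
#define TEN_SPACES "          "
static unsigned char raw[ARENA_SIZE + 16];
static unsigned char *arena_base(void) {
    return (unsigned char *)(((uintptr_t)raw + 15) & ~(uintptr_t)15);
}

static const unsigned char *max_read;   /* highest address read by the last skip */
static void note_read(const unsigned char *p) { if (p > max_read) max_read = p; }
static int is_ws(unsigned char c) { return c == ' ' || c == '\n' || c == '\r' || c == '\t'; }

/* Fetch a whole 16-byte block, as _mm_load_si128 does whether or not the string
 * ends inside it; return the index of the first non-whitespace byte (16 if none). */
static int block_first_non_ws(const unsigned char *p) {
    unsigned char blk[16];
    memcpy(blk, p, 16);
    note_read(p + 15);
    for (int i = 0; i < 16; i++)
        if (!is_ws(blk[i])) return i;
    return 16;
}

/* The pattern under discussion: fast path on the first byte, scalar up to the next
 * 16-byte boundary, then aligned 16-byte blocks. An aligned block never straddles
 * a page, so the CPU does not fault, but the last block can reach up to 15 bytes
 * past the terminator: outside the object, which is what AddressSanitizer reports. */
static const unsigned char *skip_ws_aligned(const unsigned char *p) {
    max_read = p;
    if (!is_ws(*p)) return p;
    ++p;
    while (((uintptr_t)p & 15) != 0) {
        note_read(p);
        if (!is_ws(*p)) return p;
        ++p;
    }
    for (;; p += 16) {
        int i = block_first_non_ws(p);
        if (i < 16) return p + i;
    }
}

/* Bounded variant: takes an end pointer, uses a 16-byte block only while a whole
 * block lies inside [p, end), then finishes with a scalar tail, so no byte at or
 * past end is ever read. Unaligned block loads are fine here. */
static const unsigned char *skip_ws_bounded(const unsigned char *p, const unsigned char *end) {
    max_read = p;
    while (end - p >= 16) {
        int i = block_first_non_ws(p);
        if (i < 16) return p + i;
        p += 16;
    }
    for (; p < end; ++p) {
        note_read(p);
        if (!is_ws(*p)) return p;
    }
    return p;
}

/* Bytes read at or past end by each loop, and whether both stopped at the same byte. */
typedef struct { long aligned_overread, bounded_overread; int same_result; } skip_result;

/* Copy json (with its NUL) to arena + offset, fill the rest with 'X', and run both
 * skippers from json[start]. end is one past the NUL, so any byte at or past it is
 * outside the object. All fields are -1 if the placement does not fit the arena. */
static skip_result measure(const char *json, size_t offset, size_t start) {
    skip_result r = { -1, -1, -1 };
    unsigned char *arena = arena_base();
    size_t n = strlen(json);
    if (offset + n + 1 + 16 > ARENA_SIZE || start > n) return r;
    memset(raw, 'X', sizeof raw);
    memcpy(arena + offset, json, n + 1);
    const unsigned char *p = arena + offset + start;
    const unsigned char *end = arena + offset + n + 1;
    const unsigned char *a = skip_ws_aligned(p);
    const unsigned char *a_max = max_read;
    const unsigned char *b = skip_ws_bounded(p, end);
    const unsigned char *b_max = max_read;
    r.aligned_overread = a_max >= end ? (long)(a_max - end) + 1 : 0;
    r.bounded_overread = b_max >= end ? (long)(b_max - end) + 1 : 0;
    r.same_result = (a == b);
    return r;
}

int main(void) {
    const char *cases[] = { "{ \"\": \"\" }", "{\"\":\"\"}", "{" TEN_SPACES TEN_SPACES "}" };
    for (size_t off = 0; off < 16; off++)          /* same input, 16 placements */
        for (size_t c = 0; c < 3; c++) {
            skip_result r = measure(cases[c], off, 1);
            printf("offset %2zu %-24s over-read %ld bytes (bounded %ld, same stop %d)\n",
                   off, cases[c], r.aligned_overread, r.bounded_overread, r.same_result);
        }
    return 0;
}
```

Running the sweep shows the same input producing an over-read at some placements and none at others: the aligned loop only fetches a block when the whitespace run reaches a 16-byte boundary, and the block then extends up to 15 bytes beyond the terminator, which is why the report looks length dependent. Both loops stop at the same byte, so the bounded version is a drop-in for a parser that knows its input length; the trade-off is that a NUL-terminated API without a length cannot use it, and the aligned form stays a read outside the object (undefined behaviour in C, flagged by a sanitizer) even though an aligned 16-byte load cannot cross a page and so never faults in practice.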