Closed. ni4 closed this issue 1 year ago.
ClusterFuzz testcase 5528625325932544 is verified as fixed in https://oss-fuzz.com/revisions?job=honggfuzz_asan_rnp&range=202303260621:202303270612

We limit nesting levels since https://github.com/rnpgp/sexp/commit/fe9838852b0fe22842dc28f39db38991bac7409f

scan_object calls either `sexp_string_t::parse` (does not increase nesting level) or `sexp_list_t::parse` (increases nesting level)
I agree that
Currently we do not limit the number of possible nesting layers in `sexp::sexp_input_stream_t::scan_object()`, which leads to the stack overflow: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54206&q=rnp&can=2

In this case, and in all others where recursion is possible, it should be limited to a certain amount. 1024 would be enough here. The same applies to the `sexp_input_stream_t` constructor: max_depth should default to some value like 1024 (a define may be used here) instead of 0. Probably we should not allow unlimited nesting layers in the constructor at all.
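To illustrate the fix being discussed, here is an added example (not the rnpgp/sexp project's code): a hypothetical minimal S-expression scanner whose list parsing recurses, with the nesting check placed where the level grows and a non-zero default limit, so an input like 5000 nested parentheses is rejected before the recursion can exhaust the stack. Names such as `depth_limited_scanner`, `max_nesting` and `kDefaultMaxDepth` are assumptions for this example.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>

// Assumed default limit, as proposed in the issue (instead of 0 = unlimited).
constexpr std::size_t kDefaultMaxDepth = 1024;

struct sexp_depth_error : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Hypothetical scanner: atoms do not raise the nesting level, lists do.
class depth_limited_scanner {
public:
    explicit depth_limited_scanner(std::string in, std::size_t max_depth = kDefaultMaxDepth)
        : in_(std::move(in)), max_depth_(max_depth) {}

    // Scans one object and returns the deepest nesting level it reached.
    std::size_t scan_object(std::size_t depth = 0) {
        skip_ws();
        if (pos_ >= in_.size()) throw std::runtime_error("unexpected end of input");
        if (in_[pos_] == ')') throw std::runtime_error("unexpected ')'");
        if (in_[pos_] == '(') return scan_list(depth);
        scan_atom();
        return depth;
    }

private:
    std::size_t scan_list(std::size_t depth) {
        // Entering a list is the only place nesting grows, so the limit is checked here,
        // before recursing, which bounds stack usage to max_depth frames.
        if (depth + 1 > max_depth_) throw sexp_depth_error("nesting depth exceeds max_depth");
        ++pos_; // consume '('
        std::size_t deepest = depth + 1;
        for (;;) {
            skip_ws();
            if (pos_ >= in_.size()) throw std::runtime_error("unterminated list");
            if (in_[pos_] == ')') { ++pos_; return deepest; }
            deepest = std::max(deepest, scan_object(depth + 1));
        }
    }
    bool at_delim() const { return in_[pos_] == '(' || in_[pos_] == ')' || std::isspace(static_cast<unsigned char>(in_[pos_])); }
    void scan_atom() { while (pos_ < in_.size() && !at_delim()) ++pos_; }
    void skip_ws() { while (pos_ < in_.size() && std::isspace(static_cast<unsigned char>(in_[pos_]))) ++pos_; }
    std::string in_;
    std::size_t pos_ = 0;
    std::size_t max_depth_;
};

// Returns the deepest nesting level; throws sexp_depth_error when max_depth is exceeded.
std::size_t max_nesting(const std::string &s, std::size_t max_depth = kDefaultMaxDepth) {
    return depth_limited_scanner(s, max_depth).scan_object();
}

// True when the input is rejected for nesting deeper than max_depth.
bool exceeds_depth(const std::string &s, std::size_t max_depth = kDefaultMaxDepth) {
    try { max_nesting(s, max_depth); return false; } catch (const sexp_depth_error &) { return true; }
}
```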