AddressSanitizer: stack-overflow on address 0x7ffff3e46ff8 (pc 0x7f13120dddd5 bp 0x615000000be8 sp 0x7ffff3e47000 T0)

[lmm-1997]

I use AFL to fuzz libsass, and it finds a stack-overflow on the target.

version: 3.6.4, 3.6.5

POC：poc

CMD：./sassc poc

ASAN has reported a stack-overflow

==7839==ERROR: AddressSanitizer: stack-overflow on address 0x7ffffd5f1ff8 (pc 0x7f3b771df786 bp 0x6110000023c8 sp 0x7ffffd5f2000 T0)

0 0x7f3b771df785 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785)

#1 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44)
#2 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda)
#3 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a)

...

245 0x7f3b771dfe44 in Sass::ComplexSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404e44)

#246 0x7f3b771dfeda in Sass::SelectorList::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404eda)
#247 0x7f3b771dff9a in Sass::PseudoSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404f9a)
#248 0x7f3b771df7b8 in Sass::CompoundSelector::has_real_parent_ref() const (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x4047b8)

SUMMARY: AddressSanitizer: stack-overflow (/mnt/d/anheng/target/libsass-3.6.5/sassc/bin/sassc_3.6.5_asan+0x404785) in Sass::CompoundSelector::has_real_parent_ref() const ==7839==ABORTING

[pgajdos]

CVE-2022-26592

[mgreter]

Addressed via https://github.com/sass/libsass/pull/3184