Input Causes Panic: "wÔΩø\xdc<<070005000\n" #130

BrianHicks · 2016-06-07T23:07:07Z

I've found a crashing input in HCL as of d7400db. Here's an SSCCE demonstrating the problem.

package main

import (
    "github.com/hashicorp/hcl"
)

var (
    data =  "wÔΩø\xdc<<070005000\n"
)

func main() {
    var out interface{}
    hcl.Unmarshal([]byte(data), &out)
}

When run, this gives the following output:

illegal
panic: regexp: Compile("[[:space:]]*\xdc<<070005\\z"): error parsing regexp: invalid UTF-8: `‹<<070005\z`

goroutine 1 [running]:
panic(0x19b960, 0xc82000a420)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/runtime/panic.go:481 +0x3e6
regexp.MustCompile(0xc8200102c0, 0x17, 0xc820041618)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/regexp/regexp.go:232 +0x1d5
github.com/hashicorp/hcl/hcl/scanner.(*Scanner).scanHeredoc(0xc820072d00)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/scanner/scanner.go:433 +0xc6a
github.com/hashicorp/hcl/hcl/scanner.(*Scanner).Scan(0xc820072d00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/scanner/scanner.go:180 +0xa74
github.com/hashicorp/hcl/hcl/parser.(*Parser).scan(0xc820041c88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:376 +0x156
github.com/hashicorp/hcl/hcl/parser.(*Parser).objectKey(0xc820041c88, 0x0, 0x0, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:196 +0x122
github.com/hashicorp/hcl/hcl/parser.(*Parser).objectItem(0xc820041c88, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:125 +0xd5
github.com/hashicorp/hcl/hcl/parser.(*Parser).objectList(0xc820041c88, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:70 +0x127
github.com/hashicorp/hcl/hcl/parser.(*Parser).Parse(0xc820041c88, 0xc820072d00, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:53 +0x166
github.com/hashicorp/hcl/hcl/parser.Parse(0x3d3000, 0x11, 0x200000, 0x1, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/hcl/parser/parser.go:40 +0x24d
github.com/hashicorp/hcl.parse(0x3d3000, 0x11, 0x200000, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/parse.go:26 +0xc3
github.com/hashicorp/hcl.Unmarshal(0x3d3000, 0x11, 0x200000, 0x18d2e0, 0xc82000a340, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/hashicorp/hcl/decoder.go:27 +0x7e
github.com/BrianHicks/fuzz-hcl.ParseSafely(0x3d3000, 0x11, 0x200000, 0x0, 0x0, 0x0, 0x0)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/BrianHicks/fuzz-hcl/fuzz.go:20 +0xc1
github.com/BrianHicks/fuzz-hcl.Fuzz(0x3d3000, 0x11, 0x200000, 0xc820070058)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/github.com/BrianHicks/fuzz-hcl/fuzz.go:11 +0x105
go-fuzz-dep.Main(0x23a3e8)
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/go-fuzz-dep/main.go:49 +0x14c
main.main()
    /var/folders/f6/l26tk3xs5pjczcd5k5pcrmk00000gn/T/go-fuzz-build846495901/src/go.fuzz.main/main.go:10 +0x23
exit status 2

(and here it is when run through panicparse, for convenience)

illegal
panic: regexp: Compile("[[:space:]]*\xdc<<070005\\z"): error parsing regexp: invalid UTF-8: `‹<<070005\z`

exit status 2
To see all goroutines, visit https://github.com/maruel/panicparse#GOTRACEBACK

1: running
                panic.go:481   panic(0x19b960, 0xc82000a420)
    regexp      regexp.go:232  MustCompile(0xc8200102c0, 0x17, 0xc820041618)
    scanner     scanner.go:433 (*Scanner).scanHeredoc(#2)
    scanner     scanner.go:180 (*Scanner).Scan(#2, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    parser      parser.go:376  (*Parser).scan(#1, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    parser      parser.go:196  (*Parser).objectKey(#1, 0, 0, 0, 0, 0)
    parser      parser.go:125  (*Parser).objectItem(#1, 0, 0, 0)
    parser      parser.go:70   (*Parser).objectList(#1, 0, 0, 0)
    parser      parser.go:53   (*Parser).Parse(#1, #2, 0, 0)
    parser      parser.go:40   Parse(0x3d3000, 0x11, 0x200000, 0x1, 0, 0)
    hcl         parse.go:26    parse(0x3d3000, 0x11, 0x200000, 0, 0, 0)
    hcl         decoder.go:27  Unmarshal(0x3d3000, 0x11, 0x200000, 0x18d2e0, 0xc82000a340, 0, 0)
    fuzz-hcl    fuzz.go:20     ParseSafely(0x3d3000, 0x11, 0x200000, 0, 0, 0, 0)
    fuzz-hcl    fuzz.go:11     Fuzz(0x3d3000, 0x11, 0x200000, 0xc820070058)
    go-fuzz-dep main.go:49     Main(0x23a3e8)
    main        main.go:10     main()

Other inputs that create this same panic: https://gist.github.com/d092170934be43ecfd4af02ebe61d5ad

The text was updated successfully, but these errors were encountered:

BrianHicks mentioned this issue Jun 7, 2016

Question: fuzzing? #126

Closed

radeksimko added the bug label Feb 15, 2017

apparentlymart added the v1 Relates to the v1 line of releases label Aug 27, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Input Causes Panic: "wÔΩø\xdc<<070005000\n" #130

Input Causes Panic: "wÔΩø\xdc<<070005000\n" #130

BrianHicks commented Jun 7, 2016

Input Causes Panic: "wÔΩø\xdc<<070005000\n" #130

Input Causes Panic: "wÔΩø\xdc<<070005000\n" #130

Comments

BrianHicks commented Jun 7, 2016