heap-buffer-overflow (READ of size 1) in prelexer.hpp #242

Open
geeknik opened this issue Dec 2, 2018 · 1 comment

geeknik commented Dec 2, 2018

Tested commit ceef4cd, compiled with clang 8 and AddressSanitizer.

echo "MHt0Oihc" | base64 -d | ./sassc

==26540==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000017 at pc 0x0000007f2978 bp 0x7ffdf7167030 sp 0x7ffdf7167028
READ of size 1 at 0x602000000017 thread T0
    #0 0x7f2977 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*) /root/libsass/src/prelexer.hpp:70:14
    #1 0x7f2977 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*) /root/libsass/src/prelexer.hpp:123
    #2 0x7f2977 in char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:221
    #3 0x7f2977 in char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:228
    #4 0x7f2977 in Sass::Prelexer::parenthese_scope(char const*) /root/libsass/src/prelexer.cpp:1630
    #5 0x7dfaea in char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*) /root/libsass/src/lexer.hpp:227:20
    #6 0x7dfaea in char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:205
    #7 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
    #8 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
    #9 0x7dfaea in char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
    #10 0x7dfaea in char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:212
    #11 0x7dfaea in char const* Sass::Prelexer::non_greedy<&(char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*)), &(char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::exactly<(char)123>(char const*)), &(char const* Sass::Prelexer::exactly<(char)125>(char const*)), &(char const* Sass::Prelexer::exactly<(char)59>(char const*))>(char const*))>(char const*))>(char const*) /root/libsass/src/lexer.hpp:265
    #12 0x72fcf7 in char const* Sass::Parser::peek<&(char const* Sass::Prelexer::non_greedy<&(char const* Sass::Prelexer::alternatives<&Sass::Prelexer::block_comment, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*)), &Sass::Prelexer::identifier, &Sass::Prelexer::variable, &(char const* Sass::Prelexer::sequence<&Sass::Prelexer::parenthese_scope, &Sass::Prelexer::interpolant, &(char const* Sass::Prelexer::optional<&Sass::Prelexer::quoted_string>(char const*))>(char const*))>(char const*)), &(char const* Sass::Prelexer::sequence<&(char const* Sass::Prelexer::alternatives<&(char const* Sass::Prelexer::exactly<(char)123>(char const*)), &(char const* Sass::Prelexer::exactly<(char)125>(char const*)), &(char const* Sass::Prelexer::exactly<(char)59>(char const*))>(char const*))>(char const*))>(char const*))>(char const*) /root/libsass/src/parser.hpp:137:27
    #13 0x72fcf7 in Sass::Parser::lookahead_for_value(char const*) /root/libsass/src/parser.cpp:2879
    #14 0x71dafb in Sass::Parser::parse_declaration() /root/libsass/src/parser.cpp:1079:29
    #15 0x6dd519 in Sass::Parser::parse_block_node(bool) /root/libsass/src/parser.cpp:308:30
    #16 0x6d1e0b in Sass::Parser::parse_block_nodes(bool) /root/libsass/src/parser.cpp:196:11
    #17 0x6d5714 in Sass::Parser::parse_css_block(bool) /root/libsass/src/parser.cpp:153:10
    #18 0x702c32 in Sass::Parser::parse_block(bool) /root/libsass/src/parser.cpp:177:12
    #19 0x702c32 in Sass::Parser::parse_ruleset(Lookahead) /root/libsass/src/parser.cpp:537
    #20 0x6db474 in Sass::Parser::parse_block_node(bool) /root/libsass/src/parser.cpp:278:21
    #21 0x6d1e0b in Sass::Parser::parse_block_nodes(bool) /root/libsass/src/parser.cpp:196:11
    #22 0x6cdf49 in Sass::Parser::parse() /root/libsass/src/parser.cpp:122:5
    #23 0x5795b1 in Sass::Context::register_resource(Sass::Include const&, Sass::Resource const&) /root/libsass/src/context.cpp:332:24
    #24 0x58fc4c in Sass::Data_Context::parse() /root/libsass/src/context.cpp:644:5
    #25 0x53eacc in Sass::sass_parse_block(Sass_Compiler*) /root/libsass/src/sass_context.cpp:234:31
    #26 0x53eacc in sass_compiler_parse /root/libsass/src/sass_context.cpp:483
    #27 0x53dd88 in sass_compile_context(Sass_Context*, Sass::Context*) /root/libsass/src/sass_context.cpp:371:7
    #28 0x53dbbe in sass_compile_data_context /root/libsass/src/sass_context.cpp:456:12
    #29 0x532c67 in compile_stdin /root/sassc/sassc.c:138:5
    #30 0x5339a2 in main /root/sassc/sassc.c:377:18
    #31 0x7fe03f7912e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #32 0x45b209 in _start (/root/sassc/bin/sassc+0x45b209)

0x602000000017 is located 0 bytes to the right of 7-byte region [0x602000000010,0x602000000017)
allocated by thread T0 here:
    #0 0x503dd2 in realloc /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:165:3
    #1 0x532b9b in compile_stdin /root/sassc/sassc.c:112:25
    #2 0x5339a2 in main /root/sassc/sassc.c:377:18
    #3 0x7fe03f7912e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/libsass/src/prelexer.hpp:70:14 in char const* Sass::Prelexer::skip_over_scopes<&(char const* Sass::Prelexer::exactly<(char)40>(char const*)), &(char const* Sass::Prelexer::exactly<(char)41>(char const*))>(char const*, char const*)
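The report above says the 1-byte read lands 0 bytes past a 7-byte heap region inside skip_over_scopes, and the decoded reproducer (base64 "MHt0Oihc") is the 6-byte string `0{t:(\` plus its terminating NUL, ending in a backslash. The following is an added, constructed model of that bug class, not libsass's code: a scope-skipping loop that steps over an escaped byte without checking whether that byte was the terminator, beside a hardened variant. That a trailing escape is the actual trigger in prelexer.hpp is an inference from the trace, not something the issue states.

```cpp
#include <cstddef>
#include <string>

// Outcome of one scan: where it stopped and the highest byte offset it
// dereferenced. The buffer owns text.size() + 1 bytes (text plus NUL), so
// maxRead >= that size is exactly the "0 bytes to the right" ASan read.
struct ScanResult {
    size_t stop;     // offset where the scanner stopped
    size_t maxRead;  // highest offset dereferenced
    bool   oobRead;  // maxRead >= text.size() + 1
};

// Constructed model (not libsass's implementation) of skipping a
// parenthesised scope over a NUL-terminated buffer. checkEscapeEnd selects
// the hardened form, which refuses to step over the terminating NUL.
static ScanResult skipParenScope(const std::string& text, bool checkEscapeEnd) {
    const size_t region = text.size() + 1;   // bytes the buffer really owns
    size_t maxRead = 0;
    auto at = [&](size_t i) -> char {        // records reads instead of faulting
        if (i > maxRead) maxRead = i;
        return i < text.size() ? text[i] : '\0';
    };
    size_t i = 0, level = 0;
    while (at(i) != '\0') {
        char c = at(i);
        if (c == '\\') {
            ++i;                              // skip the escaped byte...
            if (checkEscapeEnd && at(i) == '\0') break;  // ...unless it was the NUL
        } else if (c == '(') {
            ++level;
        } else if (c == ')') {
            if (level == 0) break;
            if (--level == 0) { ++i; break; } // consumed the matching ')'
        }
        ++i;                                  // unconditional advance: with a
    }                                         // trailing '\' this lands past NUL
    return {i, maxRead, maxRead >= region};
}

// Decoded reproducer from the issue: "0{t:(\" (6 bytes, NUL at offset 6).
static const std::string kReproducer = "0{t:(\\";
```

The unchecked variant reads offset 7 of a 7-byte region on the reproducer, matching the report; the checked variant stops at the NUL, while still skipping ordinary escapes such as `\)` inside a scope.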


fgeek commented Feb 2, 2019

Reproduced.
