Use-of-uninitialized-value (OSS-Fuzz issue 377)

The library is continuously fuzz tested by [Google's OSS-Fuzz](https://github.com/google/oss-fuzz). Today, an error was reported:

```
Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6051806467588096

Project: json
Fuzzer: libFuzzer_json_fuzzer-parse_cbor
Fuzz target binary: fuzzer-parse_cbor
Job Type: libfuzzer_msan_json
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha
nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha
nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha

Recommended Security Severity: Medium


Minimized Testcase (0.05 Kb): https://clusterfuzz-external.appspot.com/download/AMIfv95JewdvXub-dTQH2ZJcTO9CU1JJuX0z2r_ayy2dkqW9dUli-j_DKzAnncumcPUGCJ7--lDX9C92a8r84smAF_9TvgQTWcLL3LnxtCbsPjKoSb9v_Hh2nOyGk3rHxMO68Q8Zl5O3wK4MwnCJjWuNL9YK6ENt_eni6z1IKVRVmS3SMQfYIaQlIngHVtCTesM2IoLdwyADpKlFlotYeVVffhtYs4cF8Dku3lmDj-vjLRDZ5YOF4TfEsBva4-tUMtLbfcxoDXk4NmTkld2cFhD6x9qrwJ8EVlOgz7QvaWxfXYp8prFPZbLVgmYzt33nqSopzQobs8qaFjUhbJ4m3ptfoEeQMvpbZFzND2OF39qFmgbTG4LZ-LAyyEcd6puze-HTurgzL_3S?testcase_id=6051806467588096

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
```

- [fuzz-3-json_fuzzer-parse_cbor.zip](https://github.com/nlohmann/json/files/683353/fuzz-3-json_fuzzer-parse_cbor.zip)


```
#0 0x4c5699 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::basic_json(double) /src/json/src/json.hpp:1515:13
#1 0x4c59a7 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::basic_json<float, void>(float) /src/json/src/json.hpp:1559:11
#2 0x4b9330 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7557:24
#3 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#4 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#5 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#6 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#7 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#8 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#9 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#10 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#11 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#12 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#13 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#14 0x4b4be6 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7430:39
#15 0x4b2505 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor_internal(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, unsigned long&) /src/json/src/json.hpp:7335:38
#16 0x495ecf in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator>::from_cbor(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&) /src/json/src/json.hpp:7690:16
#17 0x494932 in LLVMFuzzerTestOneInput /src/json/test/src/fuzzer-parse_cbor.cpp:34:19
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use-of-uninitialized-value (OSS-Fuzz issue 377) #416

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Use-of-uninitialized-value (OSS-Fuzz issue 377) #416

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions