Abrt in get_number (OSS-Fuzz 885)

```
Detailed report: https://oss-fuzz.com/testcase?key=5393597081845760

Project: json
Fuzzer: afl_json_parse_afl_fuzzer
Fuzz target binary: parse_afl_fuzzer
Job Type: afl_asan_json
Platform Id: linux

Crash Type: Abrt on unknown address 0x000000000001
Crash Address: 
Crash State:
  demangling_terminate_handler
  std::__terminate
  __cxa_throw
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://oss-fuzz.com/download/AMIfv97XDciMKr6_PypKy2kipdV1daNithj1enT67JgrprThT6JplCYIZtFZ_TCtBzO3zFNgwRZ8Xsg_Khn28ZYzwrJM5vUfpMLfjfnPjFvWGhUMH_ancyg7Inp7syPVn2pDxjmw4t3DTXkRZP1mxbG3arN7EiqS0C6zWNLGddHBz6ZFYmK7zG9c8Pm6jwsT-L6skXi5wgExIdnnf1DsXigBg9qu2rrS7PTgIfJtujTmJj8QxaHSvcdDpvId4OMhnPsip3AFZ4buiJMmxVFXvCH_HkalErQyMLzyMKRtGbYVnD8hQSy3e-uSfoilQDwT-VAbHZdrHIua195E9Sxo6htAZ49uLdIooFBrDOT0enP1Bltl60tx1dO-bobiGxbrPPE5vsqrb0eiG7ArC3_BlWWj0v3aOn-PfJwyOlzdWwbzrikZYSm5PT8?testcase_id=5393597081845760


Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
```

```
	SCARINESS: 10 (signal)
#0 0x7f73f22e2417 in gsignal
#1 0x7f73f22e4019 in abort
#2 0x583436 in abort_message
#3 0x584c65 in demangling_terminate_handler()
#4 0x5832d5 in std::__terminate(void (*)())
#5 0x5847d6 in __cxa_throw
#6 0x524dfd in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::lexer::get_number(nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>&, nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::lexer::token_type) const /src/json/src/json.hpp:11871:21
#7 0x51b119 in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::parser::parse_internal(bool) /src/json/src/json.hpp:12146:29
#8 0x51be3a in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::parser::parse_internal(bool) /src/json/src/json.hpp:12092:38
#9 0x51a67f in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::parser::parse() /src/json/src/json.hpp:11953:33
#10 0x5132ec in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer> nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::parse<unsigned char const*, 0>(unsigned char const*, unsigned char const*, std::__1::function<bool (int, nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>::parse_event_t, nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer>&)>) /src/json/src/json.hpp:7244:40
#11 0x512a40 in LLVMFuzzerTestOneInput /src/json/test/src/fuzzer-parse_json.cpp:34:19
#12 0x512333 in main /src/libfuzzer/afl/afl_driver.cpp:287:7
#13 0x7f73f22cd82f in __libc_start_main
#14 0x41b5d8 in _start
```

[clusterfuzz-testcase-5393597081845760.zip](https://github.com/nlohmann/json/files/851788/clusterfuzz-testcase-5393597081845760.zip)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Abrt in get_number (OSS-Fuzz 885) #519

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Abrt in get_number (OSS-Fuzz 885) #519

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions