Security contact for reproducible memory-safety issue in choc JSON parser #108

@damseleng

Hello,

I have identified a reproducible memory-safety issue in choc's JSON parsing code.

The issue is reachable through a public API on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:

- affected commit information
- standalone C++ reproducers
- ASan/UBSan run logs
- source-level root cause notes
- clean-checkout reproduction steps
- suggested fix direction

I would prefer not to disclose the minimized input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.

Is there a preferred private security contact, email address, or disclosure route for this project?

Best regards,
Yukimura
