Hello,
I have identified a reproducible memory-safety issue in choc's JSON parsing code.
The issue is reachable through a public API on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:
affected commit information
standalone C++ reproducers
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the minimized input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.
Is there a preferred private security contact, email address, or disclosure route for this project?
Best regards,
Yukimura
Hello,
I have identified a reproducible memory-safety issue in choc's JSON parsing code.
The issue is reachable through a public API on a clean checkout with AddressSanitizer enabled. I have prepared a small report package containing:
affected commit information
standalone C++ reproducers
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the minimized input, reproducer details, or sanitizer output publicly before the maintainer has had a chance to review them.
Is there a preferred private security contact, email address, or disclosure route for this project?
Best regards,
Yukimura