On Mon, Jun 02, 2025 at 02:12:49PM +0200, Florian Westphal wrote: > fuzzer can cause assert failures due to json_pack() returning a NULL > value and therefore triggering the assert(out) in __json_pack macro. > > All instances I saw are due to invalid UTF-8 strings, i.e., table/chain > names with non-text characters in them. So these odd strings are supported everywhere else and we only fail to format them into JSON? According to the spec[1] this should even support "\uXXXX"-style escapes. Not sure if it helps us, but to me this sounds like a bug in libjansson. Or are these really binary sequences somehow entered into nftables wich jansson's utf8_check_string() identifies as invalid? > Work around this for now, replace the assert with a plaintext error > message and return NULL instead of abort(). The old code was active with DEBUG builds, only. If undefined, it would just call json_pack() itself. Did you test a non-DEBUG build, too? I wonder if json.c swallows the NULL return or we see at least an error message. Thanks, Phil [1] https://www.json.org/json-en.html
