Description:
When running aspell_fuzzer, built by OSS-Fuzz, we encounter an assertion failure within acommon::ObjStack::check_size. This occurs due to a potential size overflow, causing the fuzzer to crash with a deadly signal.
Build Information:
Commit: 4295413512cb1ceeba741876d12612e74c77f14b
Binary: ./aspell_fuzzer
Sanitizer Report:
aspell_fuzzer: ./common/objstack.hpp:34: void acommon::ObjStack::check_size(size_t): Assertion `!will_overflow(sz)' failed.
==11018== ERROR: libFuzzer: deadly signal
#0 0x565266c21fd1 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
#1 0x565266b26f68 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
#2 0x565266b0a303 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:231:3
#3 0x7f2c1b5ca41f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 9a65bb469e45a1c6fbcffae5b82a2fd7a69eb479)
#4 0x7f2c1b26f00a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300a) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#5 0x7f2c1b24e858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#6 0x7f2c1b24e728 (/lib/x86_64-linux-gnu/libc.so.6+0x22728) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#7 0x7f2c1b25ffd5 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x33fd5) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#8 0x565266ce7f7b in acommon::ObjStack::check_size(unsigned long) /src/aspell/./common/objstack.hpp:34:5
#9 0x565266ce7f7b in acommon::ObjStack::alloc_top(unsigned long) /src/aspell/./common/objstack.hpp:89:24
#10 0x565266ce7f7b in acommon::ObjStack::dup_top(acommon::ParmString) /src/aspell/./common/objstack.hpp:102:27
#11 0x565266ce7f7b in acommon::ObjStack::dup(acommon::ParmString) /src/aspell/./common/objstack.hpp:110:38
#12 0x565266ce7f7b in acommon::StringMap::add(acommon::ParmString const&) /src/aspell/./common/string_map.hpp:78:35
#13 0x565266c70d0c in acommon::Config::lookup_list(acommon::KeyInfo const*, acommon::MutableContainer&, bool) const /src/aspell/common/config.cpp:422:7
#14 0x565266c6e510 in acommon::Config::retrieve_list(acommon::ParmString const&, acommon::MutableContainer*) const /src/aspell/common/config.cpp:451:5
#15 0x565266cea610 in (anonymous namespace)::SgmlFilter::setup(acommon::Config*) /src/aspell/modules/filter/sgml.cpp:142:11
#16 0x565266cbaadb in acommon::setup_filter(acommon::Filter&, acommon::Config*, bool, bool, bool) /src/aspell/lib/new_filter.cpp:191:9
#17 0x565266c61c08 in acommon::new_document_checker(acommon::Speller*) /src/aspell/lib/new_checker.cpp:21:5
#18 0x565266c57f51 in new_aspell_document_checker /src/aspell/lib/document_checker-c.cpp:42:37
#19 0x565266c56fec in LLVMFuzzerTestOneInput /src/aspell-fuzz/aspell_fuzzer.cpp:95:13
#20 0x565266b0b810 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#21 0x565266af6a85 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#22 0x565266afc51f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#23 0x565266b277c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#24 0x7f2c1b250082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
#25 0x565266aeec6d in _start (/out/aspell_fuzzer+0xe9c6d)
Steps to Reproduce:
1. Build aspell_fuzzer using the OSS-Fuzz environment.
2. Execute the binary: ./aspell_fuzzer <poc>
Attached testcase: crash-37dd22909dac8dd1f0810ea6a1d25c18781edfc3.zip
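A minimal model of the allocation-size check on the ObjStack path in the trace (check_size, alloc_top, dup_top), written as an added illustration for this page. It is not aspell's objstack.hpp; the BumpStack type, its naive_will_overflow and will_overflow members, the 256-byte arena and the sample string are assumptions. It contrasts a check that adds the request to the current position, which wraps for a request near SIZE_MAX, with one that compares the request against the remaining capacity, and it returns nullptr instead of asserting so a caller fed input-derived sizes can reject them without aborting the process.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical bump allocator, loosely shaped like the ObjStack call chain in
// the report (check_size -> alloc_top -> dup_top). Added illustration only;
// this is not aspell's objstack.hpp. Assumes a 64-bit target where size_t and
// uintptr_t have the same width.
struct BumpStack {
    unsigned char storage[256];
    unsigned char *top;   // next free byte
    unsigned char *end;   // one past the last usable byte

    BumpStack() : top(storage), end(storage + sizeof storage) {}

    size_t remaining() const { return static_cast<size_t>(end - top); }

    // Unsafe form of the check: adding the request to the current position
    // wraps around for a request near SIZE_MAX, so the comparison reports
    // "fits" for an allocation that could never fit. Integer arithmetic is
    // used so the wrap is well-defined and reproducible; with raw pointer
    // arithmetic it would be undefined behaviour.
    bool naive_will_overflow(size_t sz) const {
        return reinterpret_cast<uintptr_t>(top) + sz > reinterpret_cast<uintptr_t>(end);
    }

    // Safe form: compare the request against the bytes actually left.
    // (end - top) is a non-negative difference of pointers into one object
    // and cannot overflow.
    bool will_overflow(size_t sz) const { return sz > remaining(); }

    // Like alloc_top in the trace, but it fails soft: nullptr on overflow
    // instead of an assertion abort, so input-driven sizes are recoverable.
    void *alloc_top(size_t sz) {
        if (will_overflow(sz)) return nullptr;
        void *p = top;
        top += sz;
        return p;
    }

    // Duplicate a NUL-terminated string onto the stack (dup_top analogue).
    char *dup_top(const char *s) {
        size_t len = std::strlen(s) + 1;
        char *p = static_cast<char *>(alloc_top(len));
        if (p) std::memcpy(p, s, len);
        return p;
    }
};

// Runs both checks against a request that cannot fit in any arena and
// returns true when the naive check is fooled while the safe check is not.
bool naive_check_is_fooled() {
    BumpStack s;
    const size_t huge = SIZE_MAX - 8;
    return !s.naive_will_overflow(huge) && s.will_overflow(huge);
}

// Duplicates one string into a fresh arena and returns the bytes left,
// or SIZE_MAX if the copy was rejected.
size_t remaining_after_dup(const char *s) {
    BumpStack st;
    return st.dup_top(s) ? st.remaining() : SIZE_MAX;
}

int main() {
    const char *sample = "constructed-option-value";  // constructed sample input
    std::printf("remaining after dup: %zu\n", remaining_after_dup(sample));
    std::printf("naive check fooled by SIZE_MAX-8: %s\n",
                naive_check_is_fooled() ? "yes" : "no");
    BumpStack s;
    std::printf("alloc_top(SIZE_MAX-8) -> %p\n", s.alloc_top(SIZE_MAX - 8));
    return 0;
}
```

In the reported trace the check fires as an assertion and the process goes through __assert_fail to abort, so an oversized request that originates in filter configuration (Config::retrieve_list feeding StringMap::add) ends in a crash rather than a write past the arena; that is a denial-of-service outcome as long as check_size runs before alloc_top hands out memory, which is the order the trace shows.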