Can not parse openapi spec with external references; infinite loop; memory overflow

[dududko]

Recently I have found out that this library fail to parse certain configuration of openapi specs. In a very minimal reproduction case I have a stack overflow panic.

https://github.com/dududko/kin-openapi/tree/memory_overflow/test/memory_overflow

the dependency tree is linear, no loops
spec0.yaml -> spec1.yaml -> packageX/spec2.yaml

git clone [email protected]:dududko/kin-openapi.git
git checkout memory_overflow
cd ./kin-openapi/test/memory_overflow
go run main.go

Here is the file with the execution output
log.txt

[fenollp]

Ah! I just spent way to much time on this :D
Your spec0 file has a typo that makes this a dependency tree cycle.

https://github.com/dududko/kin-openapi/blob/83f82a6990d512ceae97f312ea035e53a9f54e25/test/memory_overflow/spec0.yaml#L7
This should read $ref: 'spec1.yaml#/c instead of $ref: 'spec0.yaml#/c
Fixing that makes my test pass.

This is solid proof that this lib needs fuzzing though. I am looking into how to make such a spec fail faster than a stack overflow.

[fenollp]

Note: you can find some more detail at #236