author | Ian Cordasco <graffatcolmingov@gmail.com> | 2017-05-13 18:27:08 -0500 |
---|---|---|
committer | Ian Cordasco <graffatcolmingov@gmail.com> | 2017-05-13 18:27:08 -0500 |
commit | 6bbc217fc721b3b78ee7911e5267b40984943f4c (patch) | |
tree | e5af6160f47e9a99e0a4d52c5d53694607882224 | |
parent | 119b7b6adfa72552d6dc7eb03f402ff5cf8f9fa6 (diff) | |
download | libyaml-git-6bbc217fc721b3b78ee7911e5267b40984943f4c.tar.gz |
Fix uninitialized value crash found by OSS Fuzz
Google's OSS Fuzz project found input for libyaml that was capable of
triggering an uninitialized value crash.
Patch provided by Alex Gaynor
-rw-r--r-- | regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml | 1 |
-rw-r--r-- | src/scanner.c | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml new file mode 100644 index 0000000..72e9492 --- /dev/null +++ b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml @@ -0,0 +1 @@ +"(\
diff --git a/src/scanner.c b/src/scanner.c index 1189d9d..8e2334f 100644 --- a/src/scanner.c +++ b/src/scanner.c @@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token, /* Check if we are at the end of the scalar. */ + /* Fix for crash unitialized value crash + * Credit for the bug and input is to OSS Fuzz + * Credit for the fix to Alex Gaynor + */ + if (!CACHE(parser, 1)) goto error; if (CHECK(parser->buffer, single ? '\'' : '"')) break; |
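Review bot: the new file regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml is added with no visible consumer. The patch touches only this file and src/scanner.c, so nothing here shows a test or build target that feeds the input to the scanner. Either wire the regression-inputs directory into a test run in this change, or say in the commit message how the input is meant to be replayed, so the one-line reproducer `"(\` keeps guarding against a regression.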
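Review bot: in the src/scanner.c hunk, the comment added above `if (!CACHE(parser, 1)) goto error;` in yaml_parser_scan_flow_scalar records credit but not why the check is needed, and it sits between the existing "Check if we are at the end of the scalar." comment and the CHECK that comment describes. Move the OSS Fuzz and Alex Gaynor credit to the commit message, where it already appears, and replace the comment with one line stating the invariant: at least one character must be cached before `CHECK(parser->buffer, single ? '\'' : '"')` reads the buffer. If the comment stays, fix the wording "Fix for crash unitialized value crash" (duplicated "crash", misspelled "uninitialized"). It would also help to note which path through the loop reaches this CHECK without a prior CACHE, since the hunk does not show it.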