authorIan Cordasco <graffatcolmingov@gmail.com>2017-05-13 18:27:08 -0500
committerIan Cordasco <graffatcolmingov@gmail.com>2017-05-13 18:27:08 -0500
commit6bbc217fc721b3b78ee7911e5267b40984943f4c (patch)
treee5af6160f47e9a99e0a4d52c5d53694607882224
parent119b7b6adfa72552d6dc7eb03f402ff5cf8f9fa6 (diff)
downloadlibyaml-git-6bbc217fc721b3b78ee7911e5267b40984943f4c.tar.gz
Fix uninitialized value crash found by OSS Fuzz
Google's OSS Fuzz project found input for libyaml that was capable of triggering an uninitialized value crash. Patch provided by Alex Gaynor
-rw-r--r--regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml1
-rw-r--r--src/scanner.c5
2 files changed, 6 insertions, 0 deletions
diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
new file mode 100644
index 0000000..72e9492
--- /dev/null
+++ b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
@@ -0,0 +1 @@
+"(\
diff --git a/src/scanner.c b/src/scanner.c
index 1189d9d..8e2334f 100644
--- a/src/scanner.c
+++ b/src/scanner.c
@@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
/* Check if we are at the end of the scalar. */
+ /* Fix for crash unitialized value crash
+ * Credit for the bug and input is to OSS Fuzz
+ * Credit for the fix to Alex Gaynor
+ */
+ if (!CACHE(parser, 1)) goto error;
if (CHECK(parser->buffer, single ? '\'' : '"'))
break;