Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/08/06 12:13:00 UTC

[jira] [Commented] (CONFIGURATION-819) Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write

    [ https://issues.apache.org/jira/browse/CONFIGURATION-819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17576189#comment-17576189 ] 

Gary D. Gregory commented on CONFIGURATION-819:
-----------------------------------------------

FYI, a "crash" is when the JVM crashes, not when an exception is thrown. So this is neither a "crash" nor a "Major" issue. Some projects/components choose to simply document what exceptions a method throws and leave it at that. I'm not sure what is best here: Rethrow or document? What do others think?


> Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write
> -----------------------------------------------------------------
>
>                 Key: CONFIGURATION-819
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-819
>             Project: Commons Configuration
>          Issue Type: Bug
>            Reporter: Weber Jo
>            Priority: Major
>         Attachments: 48192.patch, clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536, clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536, stacktrace.txt
>
>
> When executing YAMLConfiguration.write with malformed input, there is the possibility to receive a snakeyaml.error.YAMLException which does not get caught and leads to a crash.
> This was found through OSS-Fuzz ([Crash #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]).
> I attached the stacktrace and the crashing inputs.
> Furthermore, I attached a possible fix that suppresses the given crashing inputs.
> It passes all unit tests, but I am not sure if it fits your code standards or if you want to catch the exception earlier (as in YAMLConfiguration.dump).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
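As an added illustration of the "rethrow" option discussed above (not code from the attached patch or from Commons Configuration itself), the hypothetical wrapper below confines SnakeYAML's unchecked YAMLException to the checked ConfigurationException that callers of write(Writer) already handle; the class and method names and the sample property are assumptions.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;

import org.apache.commons.configuration2.YAMLConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.yaml.snakeyaml.error.YAMLException;

public final class YamlWriteGuard {

    // Hypothetical wrapper, not part of Commons Configuration: it keeps the
    // unchecked SnakeYAML exception inside the checked contract of write(Writer).
    public static void writeYaml(final YAMLConfiguration config, final Writer out)
            throws ConfigurationException, IOException {
        try {
            config.write(out);
        } catch (final YAMLException e) {
            // Rethrow as the checked type so serialization failures on
            // malformed values surface on the same path as other config errors.
            throw new ConfigurationException("Unable to emit YAML: " + e.getMessage(), e);
        }
    }

    public static void main(final String[] args) throws Exception {
        final YAMLConfiguration config = new YAMLConfiguration();
        config.setProperty("app.name", "demo");   // constructed sample data
        final StringWriter out = new StringWriter();
        try {
            writeYaml(config, out);
            System.out.println(out);
        } catch (final ConfigurationException e) {
            // One checked failure path; the cause still carries the SnakeYAML detail.
            System.err.println("write failed: " + e.getCause());
        }
    }
}
```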