Posted to issues@commons.apache.org by "Weber Jo (Jira)" <ji...@apache.org> on 2022/08/06 11:51:00 UTC

[jira] [Created] (CONFIGURATION-819) Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write

Weber Jo created CONFIGURATION-819:
--------------------------------------

             Summary: Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write
                 Key: CONFIGURATION-819
                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-819
             Project: Commons Configuration
          Issue Type: Bug
            Reporter: Weber Jo
         Attachments: 48192.patch, clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536, clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536, stacktrace.txt

When executing YAMLConfiguration.write with malformed input, there is the possibility to receive a snakeyaml.error.YAMLException which does not get caught and leads to a crash.

This was found through OSS-Fuzz ([Crash #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]).

I attached the stacktrace and the crashing inputs.

Furthermore, I attached a possible fix that suppresses the given crashing inputs.
It passes all unit tests, but I am not sure if it fits your code standards or if you want to catch the exception earlier (as in YAMLConfiguration.dump).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)