Fix unitialized value crash found by OSS Fuzz

author Ian Cordasco <graffatcolmingov@gmail.com>

Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)

committer Ian Cordasco <graffatcolmingov@gmail.com>

Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)
author Ian Cordasco <graffatcolmingov@gmail.com>
Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)
committer Ian Cordasco <graffatcolmingov@gmail.com>
Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)
diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml

new file mode 100644 (file)

index 0000000..72e9492
--- /dev/null
+++ b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
@@ -0,0 +1 @@
+"(\\r
diff --git a/src/scanner.c b/src/scanner.c

index 1189d9dbe62b73bcdeddc8963c4be2d280759fc1..8e2334fae40fe7005ba90a7aff39f7c5d8a48563 100644 (file)
--- a/src/scanner.c
+++ b/src/scanner.c
@@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
  
          /* Check if we are at the end of the scalar. */
  
+        /* Fix for crash unitialized value crash
+         * Credit for the bug and input is to OSS Fuzz
+         * Credit for the fix to Alex Gaynor
+         */
+        if (!CACHE(parser, 1)) goto error;
          if (CHECK(parser->buffer, single ? '\'' : '"'))
              break;
author	Ian Cordasco <graffatcolmingov@gmail.com>
	Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)
committer	Ian Cordasco <graffatcolmingov@gmail.com>
	Sat, 13 May 2017 23:27:08 +0000 (18:27 -0500)
regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml	[new file with mode: 0644]	patch \| blob
src/scanner.c		patch \| blob \| blame \| history