From: Ian Cordasco Date: Sat, 13 May 2017 23:27:08 +0000 (-0500) Subject: Fix unitialized value crash found by OSS Fuzz X-Git-Tag: upstream/0.2.1^2~20 X-Git-Url: http://andersk.mit.edu/gitweb/libyaml.git/commitdiff_plain/6bbc217fc721b3b78ee7911e5267b40984943f4c Fix unitialized value crash found by OSS Fuzz Google's OSS Fuzz project found input for libyaml that was capable of triggering an uninitialized value crash. Patch provided by Alex Gaynor --- diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml new file mode 100644 index 0000000..72e9492 --- /dev/null +++ b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml @@ -0,0 +1 @@ +"(\ diff --git a/src/scanner.c b/src/scanner.c index 1189d9d..8e2334f 100644 --- a/src/scanner.c +++ b/src/scanner.c @@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token, /* Check if we are at the end of the scalar. */ + /* Fix for crash unitialized value crash + * Credit for the bug and input is to OSS Fuzz + * Credit for the fix to Alex Gaynor + */ + if (!CACHE(parser, 1)) goto error; if (CHECK(parser->buffer, single ? '\'' : '"')) break;
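Review bot: the new regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml file is added, but nothing in the diff hooks it into a test target, so as committed the `"(\` input is a stored reproducer rather than a regression test that runs; worth confirming the test harness picks up regression-inputs/ automatically, or adding a test that feeds this file through yaml_parser_scan_flow_scalar and expects a clean error instead of a crash.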
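Review bot: the comment block introduced in the src/scanner.c hunk ("Fix for crash unitialized value crash") has a typo and repeats "crash", and it records attribution instead of explaining the code; attribution already lives in the commit message, so the comment should instead say why the check is needed, e.g. "Refill the buffer before CHECK() reads it: an unterminated quoted scalar ending in an escape (see the regression input) otherwise inspects an uninitialized byte." The added `if (!CACHE(parser, 1)) goto error;` itself is the right shape for this scanner, since the buffer must hold at least one character before `CHECK(parser->buffer, single ? '\'' : '"')` dereferences it; since this introduces a new early exit from the scalar loop, please double-check that the function's existing `error:` path releases the partially built token state for this case as well.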