From 6bbc217fc721b3b78ee7911e5267b40984943f4c Mon Sep 17 00:00:00 2001
From: Ian Cordasco
Date: Sat, 13 May 2017 18:27:08 -0500
Subject: [PATCH] Fix unitialized value crash found by OSS Fuzz

Google's OSS Fuzz project found input for libyaml that was capable of triggering an uninitialized value crash. Patch provided by Alex Gaynor
---
 .../clusterfuzz-testcase-minimized-5607885063061504.yml | 1 +
 src/scanner.c | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml

diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
new file mode 100644
index 0000000..72e9492
--- /dev/null
+++ b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
@@ -0,0 +1 @@
+"(\
diff --git a/src/scanner.c b/src/scanner.c
index 1189d9d..8e2334f 100644
--- a/src/scanner.c
+++ b/src/scanner.c
@@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
 /* Check if we are at the end of the scalar. */
+ /* Fix for crash unitialized value crash
+ * Credit for the bug and input is to OSS Fuzz
+ * Credit for the fix to Alex Gaynor
+ */
+ if (!CACHE(parser, 1)) goto error;
 if (CHECK(parser->buffer, single ? '\'' : '"'))
 break;
-- 
2.45.0
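Review bot: The four-line comment added above the new `if (!CACHE(parser, 1)) goto error;` in yaml_parser_scan_flow_scalar records credit and a garbled phrase ("Fix for crash unitialized value crash") but never states the invariant the guard establishes, so a later reader sees an unexplained re-fill before `CHECK()` and may be tempted to drop it. Replace it with a comment that names the hazard, e.g. `/* Make sure at least one byte is cached before CHECK() peeks at the buffer; with an unterminated quoted scalar at end of input (the regression input "(\) the lookahead can otherwise be read uninitialized. */`, and leave the attribution to the commit message, which already carries it. The `goto error` relies on an `error:` label further down the function that presumably releases the partially built scalar strings the way the function's existing `CACHE` failures do; the function starts and ends outside the hunk, so that cleanup path is worth confirming. The regression file is added alongside, but nothing in the diff shows it being exercised by the test suite, so if regression-inputs are not picked up automatically the fix has no pinning test.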