Fix unitialized value crash found by OSS Fuzz

Google's OSS Fuzz project found input for libyaml that was capable of triggering an uninitialized value crash. Patch provided by Alex Gaynor
ISLEcode · May 13, 2017 · 6bbc217 · 6bbc217
1 parent 119b7b6
commit 6bbc217
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml b/regression-inputs/clusterfuzz-testcase-minimized-5607885063061504.yml
@@ -0,0 +1 @@
+"(\
diff --git a/src/scanner.c b/src/scanner.c
@@ -3284,6 +3284,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
 
         /* Check if we are at the end of the scalar. */
 
+        /* Fix for crash unitialized value crash
+         * Credit for the bug and input is to OSS Fuzz
+         * Credit for the fix to Alex Gaynor
+         */
+        if (!CACHE(parser, 1)) goto error;
         if (CHECK(parser->buffer, single ? '\'' : '"'))
             break;