Weber Jo created CONFIGURATION-819:
--------------------------------------
Summary: Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write
Key: CONFIGURATION-819
URL: https://issues.apache.org/jira/browse/CONFIGURATION-819
Project: Commons Configuration
Issue Type: Bug
Reporter: Weber Jo
Attachments: 48192.patch,
clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536,
clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536,
stacktrace.txt
When executing YAMLConfiguration.write with malformed input, there is the
possibility to receive a snakeyaml.error.YAMLException which does not get
caught and leads to a crash.
This was found through OSS-Fuzz ([Crash #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]).
I attached the stacktrace and the crashing inputs.
Furthermore, I attached a possible fix that suppresses the given crashing
inputs.
It passes all unit tests, but I am not sure if it fits your code standards or if
you want to catch the exception earlier (as in YAMLConfiguration.dump).