[ 
https://issues.apache.org/jira/browse/CONFIGURATION-819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17576189#comment-17576189
 ] 

Gary D. Gregory commented on CONFIGURATION-819:
-----------------------------------------------

FYI, a "crash" is when the JVM crashes, not when an exception is thrown. So 
this is neither a "crash" nor a "Major" issue. Some projects/components choose 
to simply document what exceptions a method throws and leave it at that. I'm 
not sure what is best here: Rethrow or document? What do others think?


> Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write
> -----------------------------------------------------------------
>
>                 Key: CONFIGURATION-819
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-819
>             Project: Commons Configuration
>          Issue Type: Bug
>            Reporter: Weber Jo
>            Priority: Major
>         Attachments: 48192.patch, 
> clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536, 
> clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536, 
> stacktrace.txt
>
>
> When executing YAMLConfiguration.write with malformed input, there is the 
> possibility to receive a snakeyaml.error.YAMLException which does not get 
> caught and leads to a crash.
> This was found through OSS-Fuzz ([Crash 
> #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]).
> I attached the stacktrace and the crashing inputs.
> Furthermore, I attached a possible fix that suppresses the given crashing 
> inputs.
> It passes all unit tests, but I am not sure if it fits your code standards or if 
> you want to catch the exception earlier (as in YAMLConfiguration.dump).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)