[
https://issues.apache.org/jira/browse/CONFIGURATION-819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17576191#comment-17576191
]
Weber Jo commented on CONFIGURATION-819:
----------------------------------------
Clearly looks like I misunderstood the term "crash".
I am sorry for that. I will remember it for future issues.
> Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write
> -----------------------------------------------------------------
>
> Key: CONFIGURATION-819
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-819
> Project: Commons Configuration
> Issue Type: Bug
> Reporter: Weber Jo
> Priority: Major
> Attachments: 48192.patch,
> clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536,
> clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536,
> stacktrace.txt
>
>
> When executing YAMLConfiguration.write with malformed input, there is the
> possibility to receive a snakeyaml.error.YAMLException which does not get
> caught and leads to a crash.
> This was found through OSS-Fuzz ([Crash
> #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]).
> I attached the stacktrace and the crashing inputs.
> Furthermore, I attached a possible fix that suppresses the given crashing
> inputs.
> It passes all unit tests, but I am not sure if fits your code standards or if
> you want to catch the exception earlier (as in YAMLConfiguration.dump)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
