Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unsafe-yaml-backed serde-yaml panics on lexer errors #293

Mrmaxmeier opened this issue Jul 29, 2022 · 1 comment · Fixed by #295

unsafe-yaml-backed serde-yaml panics on lexer errors #293

Mrmaxmeier opened this issue Jul 29, 2022 · 1 comment · Fixed by #295


Copy link

Mrmaxmeier commented Jul 29, 2022

YAML payloads with invalid syntax can trigger this branch: sys::YAML_NO_EVENT => unreachable!():

let _ = serde_yaml::from_str::<serde_yaml::Value>(">\n@");
thread 'main' panicked at 'internal error: entered unreachable code', src/libyaml/
stack backtrace:
   0: rust_begin_unwind
   3: serde_yaml::libyaml::parser::convert_event
             at ./src/libyaml/
   4: serde_yaml::libyaml::parser::Parser::next
             at ./src/libyaml/

This happens because libyaml's yaml_parser_parse seems to expect the caller to handle parser->error states:

This patch fixes the panic, but I'm not sure if it's the proper fix:

diff --git a/src/libyaml/ b/src/libyaml/
index 9f43ced..ae8f375 100644
--- a/src/libyaml/
+++ b/src/libyaml/
@@ -84,6 +84,9 @@ impl<'input> Parser<'input> {
         let mut event = MaybeUninit::<sys::yaml_event_t>::uninit();
         unsafe {
             let parser = addr_of_mut!((*;
+            if (*parser).error != sys::YAML_NO_ERROR {
+                return Err(Error::parse_error(parser));
+            }
             let event = event.as_mut_ptr();
             if sys::yaml_parser_parse(parser, event).fail {
                 return Err(Error::parse_error(parser));
Copy link

dtolnay commented Jul 29, 2022

Thanks! Fixed in 0.9.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging a pull request may close this issue.

2 participants