Show proper error message for invalid float scalar

snakeyaml · Apr 29, 2022 · 5ac5695 · 5ac5695
1 parent d48314e
commit 5ac5695
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -6,6 +6,9 @@
     </properties>
     <body>
         <release version="1.31" date="in Git" description="Maintenance">
+            <action dev="asomov" type="fix" issue="529">
+                Show proper error message for invalid float scalar (detected by OSS-Fuzz)
+            </action>
             <action dev="asomov" type="fix" issue="525">
                 Restrict nested depth for collections to avoid DoS attacks (detected by OSS-Fuzz)
             </action>

diff --git a/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java b/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java
@@ -336,7 +336,12 @@ protected static Number createLongOrBigInteger(final String number,final  int ra
     public class ConstructYamlFloat extends AbstractConstruct {
         @Override
         public Object construct(Node node) {
-            String value = constructScalar((ScalarNode) node).toString().replaceAll("_", "");
+            String value = constructScalar((ScalarNode) node).replaceAll("_", "");
+            if (value.isEmpty()) {
+                throw new ConstructorException("while constructing a float",
+                    node.getStartMark(), "found empty value",
+                    node.getStartMark());
+            }
             int sign = +1;
             char first = value.charAt(0);
             if (first == '-') {

diff --git a/src/test/java/org/yaml/snakeyaml/issues/issue529/Fuzzy47028Test.java b/src/test/java/org/yaml/snakeyaml/issues/issue529/Fuzzy47028Test.java
@@ -0,0 +1,43 @@
+/**
+ * Copyright (c) 2008, SnakeYAML
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.yaml.snakeyaml.issues.issue529;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.junit.Test;
+import org.yaml.snakeyaml.LoaderOptions;
+import org.yaml.snakeyaml.Util;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.error.YAMLException;
+
+// StringIndexOutOfBoundsException [OSS-Fuzz 47028]
+public class Fuzzy47028Test {
+
+  @Test
+  public void parseKeyIndicators_47028() {
+    try {
+      LoaderOptions options = new LoaderOptions();
+      Yaml yaml = new Yaml(options);
+      String strYaml = Util.getLocalResource("fuzzer/YamlFuzzer-5463307412176896");
+      yaml.load(strYaml);
+      fail("Should report invalid YAML");
+    } catch (YAMLException e) {
+      assertTrue(e.getMessage().contains("while constructing a float"));
+      assertTrue(e.getMessage().contains("found empty value"));
+    }
+  }
+}
diff --git a/src/test/resources/fuzzer/YamlFuzzer-5463307412176896 b/src/test/resources/fuzzer/YamlFuzzer-5463307412176896
@@ -0,0 +1 @@
+- !!float