IllegalArgumentException when attempting to decode invalid UTF-8 surrogate by SnakeYAML (oss-fuzz 50431) #400

Closed
cowtowncoder opened this issue Mar 8, 2023 · 11 comments · Fixed by #401
Labels
oss-fuzz Issue uncovered by oss-fuzz fuzzer yaml Issue related to YAML format backend
Milestone

Comments

@cowtowncoder
Member

cowtowncoder commented Mar 8, 2023

(note: issue found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50431)

Looks like there is an uncaught IllegalArgumentException for certain input; the problem was caught by fuzzing.
Stack trace looks like:

== Java Exception: java.lang.IllegalArgumentException: Not a valid Unicode code point: 0xE30EEE
	 at java.base/java.lang.Character.toChars(Character.java:9175)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.scanFlowScalarNonSpaces(ScannerImpl.java:1973)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.scanFlowScalar(ScannerImpl.java:1919)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.fetchFlowScalar(ScannerImpl.java:1068)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.fetchDouble(ScannerImpl.java:1050)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:436)
	 at org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:251)
	 at org.yaml.snakeyaml.parser.ParserImpl$ParseImplicitDocumentStart.produce(ParserImpl.java:214)
	 at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:166)
	 at org.yaml.snakeyaml.parser.ParserImpl.getEvent(ParserImpl.java:176)
	 at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:403)

I think SnakeYAML should catch the problem and re-throw -- the content is invalid, but it should not get through as an IAE.

I created #401 for the test.
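The trace above ends in `Character.toChars`, which throws `IllegalArgumentException` for any value above `0x10FFFF` (here `0xE30EEE`). The following is an added example, not code from SnakeYAML or Jackson, showing the check a scanner should make before converting a `\x`, `\u` or `\U` escape into characters: validate the range (and reject lone surrogates) and raise a parse error that carries the offset instead of letting the IAE escape. The class names `EscapeDecoder` and `YamlEscapeException`, and the sample input `\U00E30EEE`, are assumptions (the issue only shows the resulting code point, not the original escape).

```java
/** Hypothetical parse exception that carries the input offset (assumed name, not a SnakeYAML type). */
final class YamlEscapeException extends RuntimeException {
    final int offset;
    YamlEscapeException(String msg, int offset) {
        super(msg + " at offset " + offset);
        this.offset = offset;
    }
}

/** Decodes the body of a YAML double-quoted scalar, validating numeric escapes (assumed helper). */
public final class EscapeDecoder {

    private static boolean isHexDigit(char ch) {
        return (ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F');
    }

    /** Returns the decoded text, or throws YamlEscapeException for any malformed escape. */
    public static String decode(String body) {
        StringBuilder out = new StringBuilder(body.length());
        int i = 0;
        while (i < body.length()) {
            char c = body.charAt(i);
            if (c != '\\') { out.append(c); i++; continue; }
            if (i + 1 >= body.length()) throw new YamlEscapeException("unterminated escape", i);
            char e = body.charAt(i + 1);
            int hexLen;
            switch (e) {
                case 'x': hexLen = 2; break;
                case 'u': hexLen = 4; break;
                case 'U': hexLen = 8; break;
                case 'n': out.append('\n'); i += 2; continue;
                case 't': out.append('\t'); i += 2; continue;
                case '"': out.append('"'); i += 2; continue;
                case '\\': out.append('\\'); i += 2; continue;
                default: throw new YamlEscapeException("unknown escape '\\" + e + "'", i);
            }
            int start = i + 2, end = start + hexLen;
            if (end > body.length()) throw new YamlEscapeException("truncated \\" + e + " escape", i);
            String hex = body.substring(start, end);
            for (int k = 0; k < hex.length(); k++) {
                if (!isHexDigit(hex.charAt(k))) {
                    throw new YamlEscapeException("non-hex digit in \\" + e + " escape: " + hex, i);
                }
            }
            // \U takes 8 hex digits, so FFFFFFFF would overflow a signed parse; the unsigned
            // parse yields a negative int, which the range check below rejects.
            int cp = Integer.parseUnsignedInt(hex, 16);
            // This is the check that was missing: Character.toChars(cp) throws
            // IllegalArgumentException for cp < 0 or cp > 0x10FFFF (0xE30EEE in the report).
            if (!Character.isValidCodePoint(cp)) {
                throw new YamlEscapeException("code point out of Unicode range: 0x"
                        + Integer.toHexString(cp).toUpperCase(), i);
            }
            // A lone surrogate is not a Unicode scalar value and cannot be encoded in UTF-8,
            // so reject it as well rather than emitting an unpaired UTF-16 unit.
            if (cp >= 0xD800 && cp <= 0xDFFF) {
                throw new YamlEscapeException("surrogate code point is not allowed: 0x"
                        + Integer.toHexString(cp).toUpperCase(), i);
            }
            out.appendCodePoint(cp);
            i = end;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(decode("caf\\xe9 \\u00e9 \\U0001F600"));   // cafe-acute, e-acute, U+1F600
        String[] bad = { "\\U00E30EEE", "\\uD800", "\\UFFFFFFFF", "\\u12", "\\uZZZZ" };
        for (String s : bad) {
            try {
                decode(s);
                System.out.println("unexpectedly accepted: " + s);
            } catch (YamlEscapeException ex) {
                System.out.println("rejected " + s + ": " + ex.getMessage());
            }
        }
        // For comparison, the unchecked conversion from the stack trace:
        try {
            Character.toChars(0xE30EEE);
        } catch (IllegalArgumentException ex) {
            System.out.println("raw toChars: " + ex.getMessage());
        }
    }
}
```

The point of the example is the two checks that sit between parsing the hex digits and calling `appendCodePoint`: `Character.isValidCodePoint` covers exactly the precondition that `Character.toChars` enforces by throwing, and the surrogate check covers the "invalid UTF-8 surrogate" case in the title. Either way the caller sees a parse error with a position, which is what a YAML consumer can handle, rather than an `IllegalArgumentException` surfacing out of `nextToken`.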

@asomov
Contributor

asomov commented Mar 8, 2023

@cowtowncoder
Member Author

@asomov Thanks! For some reason I seem to lack access to see it, though...

@asomov
Contributor

asomov commented Mar 9, 2023

@cowtowncoder Because of the spam attack I had to close the issue tracker. I hope I will open it soon.

@cowtowncoder cowtowncoder reopened this Mar 27, 2023
@cowtowncoder cowtowncoder added the oss-fuzz Issue uncovered by oss-fuzz fuzzer label Apr 13, 2023
@cowtowncoder
Member Author

Still open, but will be resolved by the SnakeYAML release after 2.0 (likely 2.1).

@asomov
Contributor

asomov commented Jul 28, 2023

Hopefully 2.1 will be released in August 2023.

@cowtowncoder
Member Author

Fixed via #426.

@cowtowncoder cowtowncoder added this to the 2.15.3 milestone Aug 25, 2023
@cowtowncoder cowtowncoder added the yaml Issue related to YAML format backend label Aug 25, 2023
@cowtowncoder
Member Author

cowtowncoder commented Aug 25, 2023

@asomov With SnakeYAML 2.1, this was fixed for Jackson 2.x. But it looks like snakeyaml-engine 2.6 has the same issue?
This is from looking at the Jackson YAML format module's failing test (FuzzYAMLRead_400_50431Test).

@asomov
Contributor

asomov commented Aug 25, 2023

@cowtowncoder I will try to release snakeyaml-engine this weekend to solve it.

@cowtowncoder
Member Author

@asomov No super hurry, but when you do, it'd be great if you could add a note here so I can make the matching change.

Thank you!

@asomov
Contributor

asomov commented Aug 26, 2023

@cowtowncoder SnakeYAML Engine 2.7 released:
https://central.sonatype.com/artifact/org.snakeyaml/snakeyaml-engine/2.7/versions

@cowtowncoder
Member Author

Thank you, @asomov!
