Unexpected NumberFormatException in YAMLParser

[arthurscchan]

In the YAMLParser::_parseNumericValue() method, there is a call to Integer.parseInt(String) method which parse the _cleanedTextValue string into integer. Since the _cleanedTextValue string is coming from untrusted user input, it could be malformed and make the Integer.parseInt(String) method throws a NumberFormatException. There is no handling of NumberFormatException and thus it will throw directly to the user as an unexpected exception. Also, the call to org.yaml.snakeyaml.parser.ParserImpl::getEvent() also could throw NumberFormatException. That will also cause the same problem as above.

    @Override
    protected void _parseNumericValue(int expType) throws IOException
    {
        // Int or float?
        if (_currToken == JsonToken.VALUE_NUMBER_INT) {
            int len = _cleanedTextValue.length();
            if (_numberNegative) {
                len--;
            }
            if (len <= 9) { // definitely fits in int
                _numberInt = Integer.parseInt(_cleanedTextValue);
                _numTypesValid = NR_INT;
                return;
            }
...

    public JsonToken nextToken() throws IOException
    {
        _currentIsAlias = false;
        _binaryValue = null;
        if (_closed) {
            return null;
        }

        while (true) {
            Event evt;
            try {
                evt = _yamlParser.getEvent();
,,,

The suggested fix is to add a try-catch wrapper to wrap the NumberFormatException with the expected JacksonException to avoid unexpected exceptions thrown to the users.

We found this issue by OSS-Fuzz and it is reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65855.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274 is already fixed in #452.