libyaml: Fix yaml_write_handler return values #11818

Merged
merged 1 commit into from
Apr 19, 2024

Commits on Apr 18, 2024

  1. libyaml: Fix yaml_write_handler return values

    See google#11811
    
    libyaml expects 1 for success and 0 for failure.
    
    https://github.com/yaml/libyaml/blob/master/src/writer.c#L53-L62
    
        if (emitter->write_handler(emitter->write_handler_data, ...)) {
            ...
        }
        else {
            return yaml_emitter_set_writer_error(emitter, "write error");
        }
    
    The logic is currently reversed, which (in combination with the failing
    check for the yaml_emitter_dump return value) caused several wrong bug reports
    and a CVE.
    
    The fuzzer programs just ignore the failing yaml_emitter_dump, and so I
    assume it never appeared as a problem. Only in the cases where the wrongly
    called yaml_emitter_close ran into a case where it popped from an empty
    stack, an overflow was detected.
    
    The input YAML in question just had a lot of nested sequences in the form
    
        - - - - -
    
    which in canonical output mode resulted in a large output because of the
    indentation, and so the buffer flush was triggered before the emitter
    finished:
    
        !!seq [
          !!seq [
            ...
    
    In most cases the YAML is simply too small to produce the error because
    the flush happened when the output was complete.
    perlpunk committed Apr 18, 2024
    175e615
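
The return-value contract described in the commit message, as an added example that is not part of the commit or of libyaml: a write handler with the same signature shape as `yaml_write_handler_t`, the inverted variant, and a caller that stops at the first failed flush. `struct sink`, `model_flush`, `emit_chunks` and the sample chunks are hypothetical, constructed stand-ins so the block compiles without libyaml.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as libyaml's yaml_write_handler_t: 1 = success, 0 = failure. */
typedef int write_handler_t(void *data, unsigned char *buffer, size_t size);
struct sink { unsigned char bytes[64]; size_t used; };  /* hypothetical output buffer */

/* Correct handler: 1 when all bytes were stored, 0 when the sink is full. */
static int sink_write(void *data, unsigned char *buffer, size_t size)
{
    struct sink *s = data;
    if (size > sizeof s->bytes - s->used)
        return 0;
    memcpy(s->bytes + s->used, buffer, size);
    s->used += size;
    return 1;
}

/* Inverted convention: the bytes are stored, but success is reported as 0. */
static int sink_write_inverted(void *data, unsigned char *buffer, size_t size)
{
    return !sink_write(data, buffer, size);
}

/* Stand-in for the writer.c branch quoted above: zero means "write error". */
static int model_flush(write_handler_t *handler, void *data, const char *text)
{
    return handler(data, (unsigned char *)text, strlen(text)) ? 1 : 0;
}

/* Caller side: stop at the first failed flush; returns chunks flushed OK. */
static size_t emit_chunks(write_handler_t *handler, struct sink *s,
                          const char *const *chunks, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (!model_flush(handler, s, chunks[i]))
            break;  /* an emitter that reported an error is not driven further */
    return i;
}

int main(void)
{
    const char *const chunks[] = { "!!seq [\n", "  !!seq [\n", "  ]\n", "]\n" };  /* constructed */
    struct sink good = { {0}, 0 }, bad = { {0}, 0 };
    printf("correct:  %zu of 4 chunks\n", emit_chunks(sink_write, &good, chunks, 4));
    printf("inverted: %zu of 4 chunks\n", emit_chunks(sink_write_inverted, &bad, chunks, 4));
}
```

With the inverted handler the first chunk reaches the sink, yet the flush is reported as a write error, so the caller sees a failure after data has already been written.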