Fix another OSS-Fuzz issue wrt invalid YAML content, decoding (#452)

FasterXML · Jan 13, 2024 · 61c2f1f · 61c2f1f
1 parent fc40a63
commit 61c2f1f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/yaml/src/main/java/com/fasterxml/jackson/dataformat/yaml/YAMLParser.java b/yaml/src/main/java/com/fasterxml/jackson/dataformat/yaml/YAMLParser.java
@@ -441,6 +441,13 @@ public JsonToken nextToken() throws IOException
                         (this, (org.yaml.snakeyaml.error.MarkedYAMLException) e);
                 }
                 throw new JacksonYAMLParseException(this, e.getMessage(), e);
+            } catch (NumberFormatException e) {
+                // 12-Jan-2024, tatu: As per https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274
+                //    we seem to have unhandled case by SnakeYAML
+                throw _constructError(String.format(
+                        "Malformed Number token: failed to tokenize due to (%s): %s",
+                        e.getClass().getName(), e.getMessage()),
+                        e);
             }
             // is null ok? Assume it is, for now, consider to be same as end-of-doc
             if (evt == null) {

diff --git a/...t/yaml/failing/FuzzYAMLRead63274Test.java → ...rmat/yaml/fuzz/FuzzYAMLRead63274Test.java b/...t/yaml/failing/FuzzYAMLRead63274Test.java → ...rmat/yaml/fuzz/FuzzYAMLRead63274Test.java
@@ -1,4 +1,4 @@
-package com.fasterxml.jackson.dataformat.yaml.failing;
+package com.fasterxml.jackson.dataformat.yaml.fuzz;
 
 import com.fasterxml.jackson.core.JacksonException;
 
@@ -10,7 +10,7 @@ public class FuzzYAMLRead63274Test extends ModuleTestBase
     private final ObjectMapper MAPPER = newObjectMapper();
 
     // https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274
-    public void testReadBoundary63274() throws Exception
+    public void testMalformedNumber63274() throws Exception
     {
         // As bytes:
         /*
@@ -35,9 +35,9 @@ public void testReadBoundary63274() throws Exception
         try {
             MAPPER.readTree(doc);
             // Ok; don't care about content, just buffer reads
+            fail("Should not pass");
         } catch (JacksonException e) {
-            // !!! TODO: proper checking of exception
-            verifyException(e, "foo");
+            verifyException(e, "Malformed Number token: failed to ");
         }
     }
 }