[ https://issues.apache.org/jira/browse/CONFIGURATION-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved CONFIGURATION-819. ------------------------------------------- Resolution: Information Provided > Uncaught snakeyaml.error.YAMLException in YAMLConfiguration.write > ----------------------------------------------------------------- > > Key: CONFIGURATION-819 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-819 > Project: Commons Configuration > Issue Type: Bug > Reporter: Weber Jo > Priority: Major > Attachments: 48192.patch, > clusterfuzz-testcase-YAMLConfigurationWriteFuzzer-5634459279425536, > clusterfuzz-testcase-minimized-YAMLConfigurationWriteFuzzer-5634459279425536, > stacktrace.txt > > > When executing YAMLConfiguration.write with malformed input, there is the > possibility to receive a snakeyaml.error.YAMLException which does not get > caught and leads to a crash. > This was found through OSS-Fuzz ([Crash > #48192|https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48192]). > I attached the stacktrace and the crashing inputs. > Furthermore, I attached a possible fix that suppresses the given crashing > inputs. > It passes all unit tests, but I am not sure if fits your code standards or if > you want to catch the exception earlier (as in YAMLConfiguration.dump) -- This message was sent by Atlassian Jira (v8.20.10#820010)