In the YAMLParser::_parseNumericValue() method, there is a call to the Integer.parseInt(String) method, which parses the _cleanedTextValue string into an integer. Since the _cleanedTextValue string comes from untrusted user input, it could be malformed and make the Integer.parseInt(String) method throw a NumberFormatException. There is no handling of NumberFormatException, and thus it will be thrown directly to the user as an unexpected exception. Also, the call to org.yaml.snakeyaml.parser.ParserImpl::getEvent() could throw a NumberFormatException. That will cause the same problem as above.
@Override
protected void _parseNumericValue(int expType) throws IOException
{
    // Int or float?
    if (_currToken == JsonToken.VALUE_NUMBER_INT) {
        int len = _cleanedTextValue.length();
        if (_numberNegative) {
            len--;
        }
        if (len <= 9) { // definitely fits in int
            _numberInt = Integer.parseInt(_cleanedTextValue);
            _numTypesValid = NR_INT;
            return;
        }
        ...
The suggested fix is to add a try-catch wrapper to wrap the NumberFormatException with the expected JacksonException to avoid unexpected exceptions thrown to the users.
We found this issue by OSS-Fuzz and it is reported in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65855.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63274 is already fixed in #452.
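The wrapping pattern suggested in the issue, as an added stand-alone example (not the project's code or its actual patch). `DemoParseException`, `NumericParseDemo`, `IntParser` and the sample strings are hypothetical; the exception class stands in for a Jackson exception type that extends `IOException`, so the demo runs without the library.

```java
import java.io.IOException;

public class NumericParseDemo {
    // Hypothetical stand-in for the parser's declared (checked) exception type.
    static class DemoParseException extends IOException {
        DemoParseException(String msg, Throwable cause) { super(msg, cause); }
    }

    interface IntParser { int parse(String text) throws IOException; }

    // Shape of the code quoted in the issue: the unchecked NumberFormatException
    // passes straight through a method that only declares IOException.
    static int unguarded(String cleanedText) throws IOException {
        return Integer.parseInt(cleanedText);
    }

    // Guarded form: the conversion failure is translated into the declared type,
    // keeping the original exception as the cause for diagnostics.
    static int guarded(String cleanedText) throws IOException {
        try {
            return Integer.parseInt(cleanedText);
        } catch (NumberFormatException e) {
            throw new DemoParseException("Invalid numeric value '" + cleanedText + "'", e);
        }
    }

    // Models a caller (or fuzz harness) that handles only the declared IOException.
    static String callerSees(IntParser parser, String text) {
        try {
            try {
                return "parsed " + parser.parse(text);
            } catch (IOException e) {
                return "handled as parse error: " + e.getMessage();
            }
        } catch (RuntimeException e) {
            return "UNEXPECTED " + e.getClass().getSimpleName() + " escaped the handler";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one valid value and three that Integer.parseInt rejects.
        String[] samples = { "-1234", "", "-", "12_" };
        for (String s : samples) {
            System.out.println("'" + s + "' unguarded: " + callerSees(NumericParseDemo::unguarded, s));
            System.out.println("'" + s + "' guarded:   " + callerSees(NumericParseDemo::guarded, s));
        }
    }
}
```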