pantoniou / libfyaml

Fully feature complete YAML parser and emitter, supporting the latest YAML spec and passing the full YAML testsuite.
MIT License

libfyaml hangs indefinitely on `\x25\x22\xa6` #101

Closed MatejKafka closed 11 months ago

MatejKafka commented 11 months ago

If you compile the following .c file, with the current master of libfyaml:

#include "libfyaml.h"
#include <stdio.h>

int main(int argc, char* argv[]) {
    /* three bytes: '%', '"', 0xa6 (a lone UTF-8 continuation byte) */
    const char* input = "\x25\x22\xa6";
    size_t len = 3;

    struct fy_document *fyd = NULL;
    /* default parser config (NULL); this call never returns for the input above */
    fyd = fy_document_build_from_string(NULL, input, len);
    fy_document_destroy(fyd);

    return 0;
}

The parser hangs indefinitely in fy_scan_directive. There are a lot of similar hangs from a few hours of fuzzing with AFL++; I suspect the root cause will be the same or similar for most of them.
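Turning a batch of fuzzer-found hangs into something bucketable, as an added example that is not part of this issue or of libfyaml: a POSIX sh triage helper that runs a harness binary on each input under a wall-clock limit and classifies the outcome as ok, hang, crash or error. It assumes GNU coreutils `timeout` (exit status 124 when it has to kill the command) and a harness that takes the input file path as its last argument, which the repro above does not (it embeds the bytes); the function names and the argument convention are this example's own.

```shell
#!/bin/sh
# Added example, not code from the libfyaml issue or project.
# run_case LIMIT_SECONDS INPUT_FILE CMD [ARGS...]
# Runs CMD with INPUT_FILE appended as its last argument (AFL++ harness
# style) and prints a one-word verdict. Assumes GNU coreutils `timeout`,
# which exits 124 when the deadline forces it to kill CMD.
run_case() {
    limit=$1
    file=$2
    shift 2
    timeout "$limit" "$@" "$file" >/dev/null 2>&1
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -eq 124 ]; then
        echo hang                       # still running at the deadline
    elif [ "$rc" -gt 128 ]; then
        echo "crash:sig$((rc - 128))"   # killed by a signal, e.g. SIGSEGV=11
    else
        echo "error:$rc"                # exited on its own with a non-zero status
    fi
}

# triage_dir LIMIT_SECONDS DIR CMD [ARGS...]
# Runs every regular file in DIR through run_case, prints "verdict<TAB>path"
# per file and a final "hangs: N" line, so an AFL++ hangs/ directory can be
# bucketed before anyone reads individual inputs.
triage_dir() {
    limit=$1
    dir=$2
    shift 2
    hangs=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        verdict=$(run_case "$limit" "$f" "$@")
        printf '%s\t%s\n' "$verdict" "$f"
        if [ "$verdict" = hang ]; then
            hangs=$((hangs + 1))
        fi
    done
    echo "hangs: $hangs"
}

# Usage (assumed paths): triage_dir 5 ./out/default/hangs ./fy_harness
```

A harness built for this is the repro above with the embedded bytes replaced by a file read; with libfyaml before the fix, each input that reaches the same path in fy_scan_directive comes back as `hang`, while inputs that merely fail to parse come back as `ok` or `error`, which is the split that tells you how many of the fuzzer's reports share one root cause.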

pantoniou commented 11 months ago

Fixed by 7f7be36f0305d2f8949f5a39c01f94e5babff615

Let me know if fuzzing comes up with more stuff like that.