-
Notifications
You must be signed in to change notification settings - Fork 20
yaml_cpp
Link : https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89
Description: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Info: CVE_2018_20573
At src/singledocparser.cpp
@@ -48,7 +48,6 @@ void SingleDocParser::HandleDocument(EventHandler& eventHandler) {
}
void SingleDocParser::HandleNode(EventHandler& eventHandler) {
+ DepthGuard<2000> depthguard(depth, m_scanner.mark(), ErrorMsg::BAD_FILE);
// an empty node *is* a possibility
if (m_scanner.empty()) {
Tags
#Memory-error
#Single-line
#Added
#CVE
Link : https://github.com/jbeder/yaml-cpp/commit/72fe73a1043bef4a4f9e7032132f2aa50865d97e
Description: Generate right long keys
At src/emitter.cpp
@@ -585,8 +585,6 @@ void Emitter::BlockMapPrepareLongKeyValue(EmitterNodeType::value child) {
break;
case EmitterNodeType::BlockSeq:
case EmitterNodeType::BlockMap:
+ if (m_pState->HasBegunContent())
+ m_stream << "\n";
SpaceOrIndentTo(true, curIndent + 1);
break;
}
Tags
#Etc
#Multi-line
#Added
Link : https://github.com/jbeder/yaml-cpp/commit/5a9ab177bad9665ac5eb8f5b12435052123b5b6f
Description: Tag_null
At src/singledocparser.cpp
@@ -91,16 +91,14 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
const Token& token = m_scanner.peek();
// add non-specific tags
+ if (tag.empty())
+ tag = (token.type == Token::NON_PLAIN_SCALAR ? "!" : "?");
+ if (token.type == Token::PLAIN_SCALAR
+ && tag.compare("?") == 0 && IsNullString(token.value)) {
- if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) {
eventHandler.OnNull(mark, anchor);
m_scanner.pop();
return;
}
- if (tag.empty()) tag = (token.type == Token::NON_PLAIN_SCALAR ? "!" : "?");
// now split based on what kind of node we should be
switch (token.type) {
case Token::PLAIN_SCALAR:
Tags
#Invalid-format-string
#Multi-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/33315286abb27c04a5fc5322b828153f6aaf70eb
Description: Add the support to parsing a null value as std::string.
At include/yaml-cpp/node/impl.h
@@ -110,8 +110,6 @@ struct as_if<std::string, S> {
const Node& node;
std::string operator()(const S& fallback) const {
+ if (node.Type() == NodeType::Null)
+ return "null";
if (node.Type() != NodeType::Scalar)
return fallback;
return node.Scalar();
@@ -140,8 +138,6 @@ struct as_if<std::string, void> {
const Node& node;
std::string operator()() const {
+ if (node.Type() == NodeType::Null)
+ return "null";
if (node.Type() != NodeType::Scalar)
throw TypedBadConversion<std::string>(node.Mark());
return node.Scalar();
Tags
#Invalid-format-string
#Multi-line
#Added
Link : https://github.com/jbeder/yaml-cpp/commit/51ce663085f8d9d6d2bda0c2f1fad94874df5c3c
Description: Handle a key with length over 1024 as a long key.
At src/emitter.cpp
@@ -708,7 +708,7 @@ Emitter& Emitter::Write(const std::string& str) {
Utils::ComputeStringFormat(str, m_pState->GetStringFormat(),
m_pState->CurGroupFlowType(), stringEscaping == StringEscaping::NonAscii);
+ if (strFormat == StringFormat::Literal || str.size() > 1024)
- if (strFormat == StringFormat::Literal)
m_pState->SetMapKeyFormat(YAML::LongKey, FmtScope::Local);
PrepareNode(EmitterNodeType::Scalar);
Tags
#Invalid-condition
#Single-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/c3df6d87d42ed0f4b047405a558b9850ff7b888e
Description: Properly allow a trailing tab character on a block scalar
At src/scanscalar.cpp
@@ -204,7 +204,7 @@ std::string ScanScalar(Stream& INPUT, ScanScalarParams& params) {
// post-processing
if (params.trimTrailingSpaces) {
+ std::size_t pos = scalar.find_last_not_of(" \t");
- std::size_t pos = scalar.find_last_not_of(' ');
if (lastEscapedChar != std::string::npos) {
if (pos < lastEscapedChar || pos == std::string::npos) {
pos = lastEscapedChar;
Tags
#Invalid-format-string
#Single-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/1c9abc8fa4702c06d53b866dd2e7ca3b9c865f7e
Description: Handle the empty content of flow sep/map correctly during emitting.
At src/emitter.cpp
@@ -249,12 +249,8 @@ void Emitter::EmitEndMap() {
if (m_stream.comment())
m_stream << "\n";
m_stream << IndentTo(m_pState->CurIndent());
+ if (originalType == FlowType::Block) {
- if (m_pState->CurGroupChildCount() == 0)
m_stream << "{";
+ } else {
+ if (m_pState->CurGroupChildCount() == 0 && !m_pState->HasBegunNode())
+ m_stream << "{";
+ }
m_stream << "}";
}
Tags
#Invalid-condition
#Invalid-format-string
#Multi-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/9ee3928754693565fa561e2b6fda4058948d1d56
Description: Prevent trailing spaces when emitting literal strings.
At src/emitterutils.cpp
@@ -366,13 +366,13 @@ bool WriteDoubleQuotedString(ostream_wrapper& out, const std::string& str,
bool WriteLiteralString(ostream_wrapper& out, const std::string& str,
std::size_t indent) {
out << "|\n";
- out << IndentTo(indent);
int codePoint;
for (std::string::const_iterator i = str.begin();
GetNextCodePointAndAdvance(codePoint, i, str.end());) {
if (codePoint == '\n') {
+ out << "\n";
- out << "\n" << IndentTo(indent);
} else {
+ out<< IndentTo(indent);
WriteCodePoint(out, codePoint);
}
}
Tags
#Etc
#Multi-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/a6db7e32ac506d536596d31bdb2b365de1cf35a2
Description: Fix single cr not recognized.
At src/exp.h
@@ -37,7 +37,7 @@ inline const RegEx& Blank() {
return e;
}
inline const RegEx& Break() {
+ static const RegEx e = RegEx('\n') | RegEx("\r");
- static const RegEx e = RegEx('\n') | RegEx("\r\n");
return e;
}
inline const RegEx& BlankOrBreak() {
Tags
#Etc
#Single-line
#Modified
Link : https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
Description: Fix reading empty token stack with a node with properties but no scalar.
At src/singledocparser.cpp
@@ -80,10 +80,6 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
eventHandler.OnAnchor(mark, anchor_name);
// after parsing properties, an empty node is again a possibility
+ if (m_scanner.empty()) {
+ eventHandler.OnNull(mark, anchor);
+ return;
+ }
const Token& token = m_scanner.peek();