Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug in pyyaml found by fuzzing #473

Closed
ingydotnet opened this issue Jan 12, 2021 · 4 comments
Closed

Bug in pyyaml found by fuzzing #473

ingydotnet opened this issue Jan 12, 2021 · 4 comments
Labels
task:bug
Projects
PyYAML 6.0 Release Planning

Comments

@ingydotnet
Copy link
Member 

Happy new year Ingy,

Here is a bug found by fuzzing pyyaml

Reproducer is :

import yaml
yaml.load("._:")

Stack trace is :
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/yaml/__init__.py", line 72, =
in load
    return loader.get_single_data()
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 3=
7, in get_single_data
    return self.construct_document(node)
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 4=
6, in construct_document
    for dummy in generator:
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 3=
98, in construct_yaml_map
    value =3D self.construct_mapping(node)
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 2=
04, in construct_mapping
    return super().construct_mapping(node, deep=3Ddeep)
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 1=
25, in construct_mapping
    key =3D self.construct_object(key_node, deep=3Ddeep)
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 8=
6, in construct_object
    data =3D constructor(self, node)
  File "/usr/local/lib/python3.7/site-packages/yaml/constructor.py", line 2=
78, in construct_yaml_float
    return sign*float(value)
ValueError: could not convert string to float: =E2=80=98.'

Cheers,
Philippe
@ingydotnet
Copy link
Member Author

Reporting a bug that was emailed to me personally.

Simpler case is: yaml.load("._")

This does not seem to match the regexp in https://yaml.org/type/float.html

@perlpunk perlpunk mentioned this issue Jan 29, 2021
Open
@perlpunk perlpunk mentioned this issue Feb 6, 2021
Merged
@perlpunk
Copy link
Member

perlpunk commented Feb 6, 2021

Duplicate of #168

@perlpunk perlpunk marked this as a duplicate of #168 Feb 6, 2021
@perlpunk
Copy link
Member

Handled by #497

@perlpunk perlpunk moved this from To Do to Review in PyYAML 6.0 Release Planning Sep 23, 2021
@perlpunk perlpunk moved this from Review to Done in PyYAML 6.0 Release Planning Sep 23, 2021
@perlpunk
Copy link
Member

perlpunk commented Oct 15, 2021
edited

This can be closed as well, fixed in 6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
task:bug
Projects
PyYAML 6.0 Release Planning
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ingydotnet @perlpunk