From d5f8c887a2e7d65312dc4136e2f1343a88883f6b Mon Sep 17 00:00:00 2001 From: Alexandre Daubois Date: Sun, 4 Apr 2021 20:39:25 +0200 Subject: [PATCH] [Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag Instead of letting the parser goes in an infinite loop, throw an exception when the additional and invalid is found --- src/Symfony/Component/Yaml/Parser.php | 4 ++++ .../Component/Yaml/Tests/ParserTest.php | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/Symfony/Component/Yaml/Parser.php b/src/Symfony/Component/Yaml/Parser.php index f26b90f1b00b0..02181e05c7507 100644 --- a/src/Symfony/Component/Yaml/Parser.php +++ b/src/Symfony/Component/Yaml/Parser.php @@ -1225,6 +1225,10 @@ private function lexUnquotedString(int &$cursor): string $offset = $cursor; $cursor += strcspn($this->currentLine, '[]{},: ', $cursor); + if ($cursor === $offset) { + throw new ParseException('Malformed unquoted YAML string.'); + } + return substr($this->currentLine, $offset, $cursor - $offset); } diff --git a/src/Symfony/Component/Yaml/Tests/ParserTest.php b/src/Symfony/Component/Yaml/Tests/ParserTest.php index 1fa448dad56d0..f7fc750c465c4 100644 --- a/src/Symfony/Component/Yaml/Tests/ParserTest.php +++ b/src/Symfony/Component/Yaml/Tests/ParserTest.php @@ -2676,6 +2676,25 @@ public function testParseValueWithNegativeModifiers() ); } + public function testThrowExceptionIfInvalidAdditionalClosingTagOccurs() + { + $yaml = '{ + "object": { + "array": [ + "a", + "b", + "c" + ] + ], + } + }'; + + $this->expectException(ParseException::class); + $this->expectExceptionMessage('Malformed unquoted YAML string at line 8 (near " ],").'); + + $this->parser->parse($yaml); + } + public function testWhitespaceAtEndOfLine() { $yaml = "\nfoo:\n arguments: [ '@bar' ] \n";
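Review bot: The new `if ($cursor === $offset)` guard in lexUnquotedString has no comment saying why zero progress is an error, and that reason is the whole point of the fix. Going by the commit message, returning an empty string here left the caller re-reading the same delimiter forever on a stray closing bracket, so malformed input could hang the parser; I would add `// The cursor sits on a delimiter the caller did not consume (e.g. a stray "]"); returning '' would make it loop forever.` above the check. The exception is thrown without a line number or snippet, while the test expects `at line 8 (near ...)`, so that context is presumably attached by a caller outside this hunk, which is worth confirming for every call path. The function's signature is visible only in the hunk header.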
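Review bot: The fixture in testThrowExceptionIfInvalidAdditionalClosingTagOccurs mixes two anomalies on the same line, a stray `]` and a trailing `,` ahead of the closing `}`, so the test does not pin down which one reaches the new guard. A fixture reduced to the stray bracket alone would make the regression clearer, and a second case with a stray `}` would cover the other closing delimiter in the `strcspn` mask, assuming it takes the same path. Because the original failure was a hang and not a wrong result, a one-line comment such as `// Regression: this input used to make the parser loop forever.` would help a future timeout in this test be read correctly.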