From d5f8c887a2e7d65312dc4136e2f1343a88883f6b Mon Sep 17 00:00:00 2001
From: Alexandre Daubois
Date: Sun, 4 Apr 2021 20:39:25 +0200
Subject: [PATCH] [Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag

Instead of letting the parser goes in an infinite loop, throw an exception when the additional and invalid is found
---
 src/Symfony/Component/Yaml/Parser.php | 4 ++++
 .../Component/Yaml/Tests/ParserTest.php | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/Symfony/Component/Yaml/Parser.php b/src/Symfony/Component/Yaml/Parser.php
index f26b90f1b0..02181e05c7 100644
--- a/src/Symfony/Component/Yaml/Parser.php
+++ b/src/Symfony/Component/Yaml/Parser.php
@@ -1225,6 +1225,10 @@ class Parser
 $offset = $cursor;
 $cursor += strcspn($this->currentLine, '[]{},: ', $cursor);
 
+ if ($cursor === $offset) {
+ throw new ParseException('Malformed unquoted YAML string.');
+ }
+
 return substr($this->currentLine, $offset, $cursor - $offset);
 }
 
diff --git a/src/Symfony/Component/Yaml/Tests/ParserTest.php b/src/Symfony/Component/Yaml/Tests/ParserTest.php
index 1fa448dad5..f7fc750c46 100644
--- a/src/Symfony/Component/Yaml/Tests/ParserTest.php
+++ b/src/Symfony/Component/Yaml/Tests/ParserTest.php
@@ -2676,6 +2676,25 @@ YAML;
 );
 }
 
+ public function testThrowExceptionIfInvalidAdditionalClosingTagOccurs()
+ {
+ $yaml = '{
+ "object": {
+ "array": [
+ "a",
+ "b",
+ "c"
+ ]
+ ],
+ }
+ }';
+
+ $this->expectException(ParseException::class);
+ $this->expectExceptionMessage('Malformed unquoted YAML string at line 8 (near " ],").');
+
+ $this->parser->parse($yaml);
+ }
+
 public function testWhitespaceAtEndOfLine()
 {
 $yaml = "\nfoo:\n arguments: [ '@bar' ] \n";
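Review bot: The guard added before `return substr(...)` in Parser.php carries no comment explaining why a zero-length token is fatal, and `$cursor === $offset` alone does not say it. `strcspn()` returns 0 when the cursor already sits on one of the characters in `'[]{},: '`, so the method would hand back an empty string and, per the commit message, the parser then loops forever, which is a denial-of-service condition wherever YAML from an untrusted source is parsed. I would add `// Nothing consumed: the cursor is on a delimiter, so the caller would never advance.` above the `if`. The exception is built without a line number or snippet; the expected message in the test suggests a caller fills them in, but that code is outside this hunk and worth confirming. The enclosing method starts outside the hunk.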
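Review bot: testThrowExceptionIfInvalidAdditionalClosingTagOccurs in ParserTest.php covers only a surplus `]`, while the guard it protects triggers on any character of the `'[]{},: '` stop set. Turning it into a data-provider test with a few more malformed flow documents would pin the other delimiters too, assuming they reach the same code path. Because the failure mode being guarded is an infinite loop, a regression would hang the suite rather than fail it, so it is worth checking that CI enforces a per-test or per-job time limit.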