authorAndrey Somov <public.somov@gmail.com>2022-09-10 14:54:13 +0300
committerAndrey Somov <public.somov@gmail.com>2022-09-10 14:54:13 +0300
commit5ee00863a816f2a023d35a7512b5f742c9a36b5a (patch)
tree2c115912642387091ec3ae8a136e7e1e6799121c
parent481078991274c1c8a0a550634164a230b4c23334 (diff)
downloadsnakeyaml-5ee00863a816f2a023d35a7512b5f742c9a36b5a.tar.gz
Show configuration for issue 543
-rw-r--r--src/changes/changes.xml3
-rw-r--r--src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java42
-rw-r--r--src/test/resources/fuzzer/YamlFuzzer-51674951320862721
3 files changed, 46 insertions, 0 deletions
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 406c4c4f..64cf99f5 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -6,6 +6,9 @@
</properties>
<body>
<release version="1.32-SNAPSHOT" date="in GIT" description="Maintenance">
+ <action dev="asomov" type="fix" issue="543">
+ Add a test for issue 543 (thanks to Henry Lin)
+ </action>
<action dev="asomov" type="fix" issue="547">
Set the limit for incoming data to prevent a CVE report in NIST
</action>
diff --git a/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java b/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java
new file mode 100644
index 00000000..a919d08b
--- /dev/null
+++ b/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java
@@ -0,0 +1,42 @@
+/**
+ * Copyright (c) 2008, SnakeYAML
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.yaml.snakeyaml.issues.issue543;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import org.junit.Test;
+import org.yaml.snakeyaml.LoaderOptions;
+import org.yaml.snakeyaml.Util;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.error.YAMLException;
+
+// Stackoverflow [OSS-Fuzz - 50355]
+public class Fuzzer50355Test {
+
+ @Test
+ public void parse_50355() {
+ LoaderOptions options = new LoaderOptions();
+ options.setAllowRecursiveKeys(false);
+ Yaml yaml = new Yaml(options);
+ String strYaml = Util.getLocalResource("fuzzer/YamlFuzzer-5167495132086272");
+ try {
+ yaml.load(strYaml);
+ fail("Recursive keys should not be accepted");
+ } catch (YAMLException e) {
+ assertEquals("Recursive key for mapping is detected but it is not configured to be allowed.",
+ e.getMessage());
+ }
+ }
+}
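Review bot: The only documentation in this new file is `// Stackoverflow [OSS-Fuzz - 50355]` above the class, which does not say what `parse_50355` actually pins. As written, the test asserts that with `options.setAllowRecursiveKeys(false)` the fuzzer input is rejected with a `YAMLException` before any deep recursion can happen. I would replace the comment with something like `// OSS-Fuzz 50355 reported a stack overflow on this input; with recursive keys disallowed the load must be rejected with YAMLException.` The `allowRecursiveKeys(true)` path is not exercised, so the comment should also note that the protection shown here depends on that option staying off when the YAML comes from an untrusted source. A smaller style point: `assertEquals` on the full message text ties the test to exact wording, so a later rewording of the error would fail it even though the input is still rejected.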
diff --git a/src/test/resources/fuzzer/YamlFuzzer-5167495132086272 b/src/test/resources/fuzzer/YamlFuzzer-5167495132086272
new file mode 100644
index 00000000..bf67e971
--- /dev/null
+++ b/src/test/resources/fuzzer/YamlFuzzer-5167495132086272
@@ -0,0 +1 @@
+E::!!float-1B: &ž?? !!set ? *ž?? E:: *ž?? E::--1B: &ž?? !!set ? *ž?? ? !!set ? *ž?? E::--8586470366B: &ž?? !!set ? - *ž?? ? !!set ? *ž?? false: &ž?? !!set ? *ž?? ? !!set ? *ž?? 0B: &ž?? !!set ? *ž?? ? !!set ? *ž?? 0B: &ž?? !!set ? *ž?? ? *ž?? ? !!set ? *ž?? E::--0B: &ž?? !!set ? *ž?? 0b2B: &ž?? !!set ? *ž?? \ No newline at end of file