Canonical source repository for LibYAML
Home Page: http://pyyaml.org/wiki/LibYAML
License: MIT License
This repository found at https://github.com/yaml/yaml contains information and pointers to all things YAML.
Hi libyaml,
As part of our fuzzing efforts at Google, we are interested in understanding the process for reporting potential security issues to your project in a private manner. Could you please advise us if there is a private tracker for these kinds of bugs, or if you prefer them filed in a publicly visible way?
Thanks!
Hello, as said, I updated libyaml with the fix for the testsuite failures (e.g. haskell-yaml), in particular this single commit
56400d9
the problem is that now pyyaml has some test failing on i386
original yaml (latest version)
https://launchpadlibrarian.net/325264273/buildlog_ubuntu-artful-i386.pyyaml_3.12-1build2_BUILDING.txt.gz
patched yaml (commit 56400d9)
set -e && for i in 2.7; do \
echo "-- running tests for "$i" plain --" ; \
python$i -c "import sys ; sys.path.insert(0, 'debian/python-yaml/usr/lib/python$i/dist-packages/'); \
sys.path.insert(0, 'tests/lib'); import test_all; test_all.main([])";\
done
-- running tests for 2.7 plain --
..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................FF..F.....F....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
===========================================================================
test_emitter_styles_ext(tests/data/spec-07-09.data, tests/data/spec-07-09.canonical): FAILURE
Traceback (most recent call last):
File "tests/lib/test_appliance.py", line 65, in execute
function(verbose=verbose, *filenames)
File "tests/lib/test_yaml_ext.py", line 240, in wrapper
function(*args, **kwds)
File "tests/lib/test_emitter.py", line 62, in test_emitter_styles
_compare_events(events, new_events)
File "tests/lib/test_emitter.py", line 15, in _compare_events
assert event1.value == event2.value, (event1, event2)
AssertionError: see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'foo'),
ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'foo %YAML 1.1'))
---------------------------------------------------------------------------
tests/data/spec-07-09.data:
---
foo
...
# Repeated end marker.
...
---
bar
# No end marker.
---
baz
...
---------------------------------------------------------------------------
tests/data/spec-07-09.canonical:
%YAML 1.1
---
!!str "foo"
%YAML 1.1
---
!!str "bar"
%YAML 1.1
---
!!str "baz"
===========================================================================
test_emitter_styles_ext(tests/data/spec-07-10.data, tests/data/spec-07-10.canonical): FAILURE
Traceback (most recent call last):
File "tests/lib/test_appliance.py", line 65, in execute
function(verbose=verbose, *filenames)
File "tests/lib/test_yaml_ext.py", line 240, in wrapper
function(*args, **kwds)
File "tests/lib/test_emitter.py", line 62, in test_emitter_styles
_compare_events(events, new_events)
File "tests/lib/test_emitter.py", line 15, in _compare_events
assert event1.value == event2.value, (event1, event2)
AssertionError: see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'Root flow scalar'),
ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'Root flow scalar %YAML 1.1'))
---------------------------------------------------------------------------
tests/data/spec-07-10.data:
"Root flow
scalar"
--- !!str >
Root block
scalar
---
# Root collection:
foo : bar
... # Is optional.
---
# Explicit document may be empty.
---------------------------------------------------------------------------
tests/data/spec-07-10.canonical:
%YAML 1.1
---
!!str "Root flow scalar"
%YAML 1.1
---
!!str "Root block scalar\n"
%YAML 1.1
---
!!map {
? !!str "foo"
: !!str "bar"
}
---
#!!str ""
!!null ""
===========================================================================
test_emitter_styles_ext(tests/data/spec-07-13.data, tests/data/spec-07-13.canonical): FAILURE
Traceback (most recent call last):
File "tests/lib/test_appliance.py", line 65, in execute
function(verbose=verbose, *filenames)
File "tests/lib/test_yaml_ext.py", line 240, in wrapper
function(*args, **kwds)
File "tests/lib/test_emitter.py", line 62, in test_emitter_styles
_compare_events(events, new_events)
File "tests/lib/test_emitter.py", line 15, in _compare_events
assert event1.value == event2.value, (event1, event2)
AssertionError: see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(ScalarEvent(anchor=None, tag=u'!foo', implicit=(False, False), value=u'No directives'),
ScalarEvent(anchor=None, tag=u'!foo', implicit=(False, False), value=u'No directives %TAG ! %21foo'))
---------------------------------------------------------------------------
tests/data/spec-07-13.data:
! "First document"
---
!foo "No directives"
%TAG ! !foo
---
!bar "With directives"
%YAML 1.1
---
!baz "Reset settings"
---------------------------------------------------------------------------
tests/data/spec-07-13.canonical:
%YAML 1.1
---
!!str "First document"
---
!<!foo> "No directives"
---
!<!foobar> "With directives"
---
!<!baz> "Reset settings"
===========================================================================
test_emitter_styles_ext(tests/data/spec-08-08.data, tests/data/spec-08-08.canonical): FAILURE
Traceback (most recent call last):
File "tests/lib/test_appliance.py", line 65, in execute
function(verbose=verbose, *filenames)
File "tests/lib/test_yaml_ext.py", line 240, in wrapper
function(*args, **kwds)
File "tests/lib/test_emitter.py", line 62, in test_emitter_styles
_compare_events(events, new_events)
File "tests/lib/test_emitter.py", line 15, in _compare_events
assert event1.value == event2.value, (event1, event2)
AssertionError: see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'foo bar'),
ScalarEvent(anchor=None, tag=u'tag:yaml.org,2002:str', implicit=(False, False), value=u'foo bar %YAML 1.1'))
---------------------------------------------------------------------------
tests/data/spec-08-08.data:
---
foo:
"bar
baz"
---
"foo
bar"
---
foo
bar
--- |
foo
...
---------------------------------------------------------------------------
tests/data/spec-08-08.canonical:
%YAML 1.1
---
!!map {
? !!str "foo"
: !!str "bar baz"
}
%YAML 1.1
---
!!str "foo bar"
%YAML 1.1
---
!!str "foo bar"
%YAML 1.1
---
!!str "foo\n"
===========================================================================
TESTS: 2573
FAILURES: 4
set -e && for i in 2.7; do \
echo "-- running tests for "$i" debug --" ; \
python$i-dbg -c "import sys ; sys.path.insert(0, 'debian/python-yaml-dbg/usr/lib/python$i/dist-packages/'); \
sys.path.insert(0, 'tests/lib'); import test_all; test_all.main([])";\
done
-- running tests for 2.7 debug --
..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................FF..F.....F....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
can you please help?
thanks a lot
(the same failure happens with the latest git master FWIW)
It looks like libyaml 0.1.5 was released but it was release from here. Is this bitbucket account the canonical repo?
run-emitter.c:142:61: warning: self-comparison always evaluates to false [-Wtautological-compare]
Source code is
|| (event2->data.scalar.quoted_implicit != event2->data.scalar.quoted_implicit)
Maybe better code
|| (event1->data.scalar.quoted_implicit != event2->data.scalar.quoted_implicit)
Adding flag -Wtautological-compare to your builds will help catch problems like this in future.
git log
commit 01f3a8786127748b5bbd4614880c4484570bbd44
Author: Roger Peppe <[email protected]>
Date: Mon Jan 8 18:47:02 2018 +0000
Remove need for PTRDIFF_MAX
It's just as easy to calculate the maximum value directly.
compile
gcc -I./ -I./include -g -fsanitize=address ./leak_1.c -o leak ./src/.libs/libyaml.so
./leak
error
=================================================================
==10850==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 3072 byte(s) in 2 object(s) allocated from:
#0 0x7f7e287af602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7f7e2849314c in yaml_malloc /home/fuzz/github/libyaml_g/src/api.c:33
#2 0x7f7e2849b639 in yaml_document_initialize /home/fuzz/github/libyaml_g/src/api.c:1059
#3 0x40226e in copy_document leak_1.c:119
#4 0x402b25 in dumper_main leak_1.c:225
#5 0x402ecf in main leak_1.c:293
#6 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 1536 byte(s) in 1 object(s) allocated from:
#0 0x7f7e287af602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7f7e2849314c in yaml_malloc /home/fuzz/github/libyaml_g/src/api.c:33
#2 0x7f7e284e2036 in yaml_parser_load /home/fuzz/github/libyaml_g/src/loader.c:75
#3 0x402c4c in dumper_main leak_1.c:256
#4 0x402ecf in main leak_1.c:293
#5 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Indirect leak of 44 byte(s) in 2 object(s) allocated from:
#0 0x7f7e2877930f in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6230f)
#1 0x7f7e284931ec in yaml_strdup /home/fuzz/github/libyaml_g/src/api.c:66
#2 0x7f7e2849c939 in yaml_document_add_scalar /home/fuzz/github/libyaml_g/src/api.c:1215
#3 0x4023d4 in copy_document leak_1.c:129
#4 0x402b25 in dumper_main leak_1.c:225
#5 0x402ecf in main leak_1.c:293
#6 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Indirect leak of 22 byte(s) in 1 object(s) allocated from:
#0 0x7f7e2877930f in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6230f)
#1 0x7f7e284931ec in yaml_strdup /home/fuzz/github/libyaml_g/src/api.c:66
#2 0x7f7e284e3964 in yaml_parser_load_scalar /home/fuzz/github/libyaml_g/src/loader.c:293
#3 0x7f7e284e3083 in yaml_parser_load_node /home/fuzz/github/libyaml_g/src/loader.c:207
#4 0x7f7e284e2e05 in yaml_parser_load_document /home/fuzz/github/libyaml_g/src/loader.c:184
#5 0x7f7e284e2414 in yaml_parser_load /home/fuzz/github/libyaml_g/src/loader.c:98
#6 0x402c4c in dumper_main leak_1.c:256
#7 0x402ecf in main leak_1.c:293
#8 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Indirect leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7f7e287af602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7f7e2849314c in yaml_malloc /home/fuzz/github/libyaml_g/src/api.c:33
#2 0x7f7e284c4779 in yaml_parser_scan_flow_scalar /home/fuzz/github/libyaml_g/src/scanner.c:3027
#3 0x7f7e284acae4 in yaml_parser_fetch_flow_scalar /home/fuzz/github/libyaml_g/src/scanner.c:1872
#4 0x7f7e284a343a in yaml_parser_fetch_next_token /home/fuzz/github/libyaml_g/src/scanner.c:999
#5 0x7f7e284a107f in yaml_parser_fetch_more_tokens /home/fuzz/github/libyaml_g/src/scanner.c:846
#6 0x7f7e284d5b20 in yaml_parser_parse_document_content /home/fuzz/github/libyaml_g/src/parser.c:444
#7 0x7f7e284d3c27 in yaml_parser_state_machine /home/fuzz/github/libyaml_g/src/parser.c:240
#8 0x7f7e284d3882 in yaml_parser_parse /home/fuzz/github/libyaml_g/src/parser.c:188
#9 0x7f7e284e2dde in yaml_parser_load_document /home/fuzz/github/libyaml_g/src/loader.c:182
#10 0x7f7e284e2414 in yaml_parser_load /home/fuzz/github/libyaml_g/src/loader.c:98
#11 0x402c4c in dumper_main leak_1.c:256
#12 0x402ecf in main leak_1.c:293
#13 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Indirect leak of 9 byte(s) in 2 object(s) allocated from:
#0 0x7f7e287af602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7f7e2849314c in yaml_malloc /home/fuzz/github/libyaml_g/src/api.c:33
#2 0x7f7e2849c9a2 in yaml_document_add_scalar /home/fuzz/github/libyaml_g/src/api.c:1223
#3 0x4023d4 in copy_document leak_1.c:129
#4 0x402b25 in dumper_main leak_1.c:225
#5 0x402ecf in main leak_1.c:293
#6 0x7f7e280e282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: 4699 byte(s) leaked in 9 allocation(s).
The README suggests that, after downloading the tarball for version 0.2.1, there should be a configure file that I can run. No such file exists, and I need to run ./bootstrap. You might want to simplify your instructions respectively, since there doesn't seem to be a difference between building a git checkout and building from a release tarball.
When I use cmake, the files that are installed are
-- Install configuration: "RELEASE"
-- Installing: /usr/include/yaml.h
-- Installing: /usr/lib/libyaml.so
-- Installing: /usr/cmake/yamlConfig.cmake
-- Installing: /usr/cmake/yamlTargets.cmake
-- Installing: /usr/cmake/yamlTargets-release.cmake
-- Installing: /usr/cmake/yamlConfigVersion.cmake
The is no /usr/lib/pkgconfig/yaml-0.1.pc (or equivalent.
Also, /usr/lib/libyaml.so is a regular file. Normally we shoudl have
/usr/lib/libyaml-0.so.2.0.6
/usr/lib/libyaml-0.so.2
/usr/lib/libyaml.so
Where the first file is the regular file and the last two are symlinks.
The autotools build is OK, but bootstrap was not run before packaging.
It'd be nice to have our tests run the tests from https://github.com/ingydotnet/yaml-dev-kit as well
Pardon me, but C is no my first language and I am having a really hard time grasping how to simply modify a node in a yaml file. My current approach, which may be entirely wrong is to parse the yaml file, loop through the events to output scalar data, modify the event scalar data if possible and emit it to a file (ideally the same file). Is this possible and if so can someone please point me to an example?
There are official Docker hub images for each of these:
We should take advantage of this and test on a few versions to try to cover enough different distros as possible.
I was trying to install libyaml 0.1.7 on windows 8.1 using MinGW64. The configure step was fine. However, there was an error when building the test.
I am using gcc 5.2.
Could you give me some hints on what could have gone wrong?
Here are the steps I took.
./configure --prefix=D:/install/libyaml
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.exe
checking for suffix of executables... .exe
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking whether ln -s works... no, using cp -pR
checking whether make sets $(MAKE)... (cached) yes
checking build system type... x86_64-pc-mingw64
checking host system type... x86_64-pc-mingw64
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... D:/install/HaskellPlatform/8.0.1/mingw/bin/ld.exe
checking if the linker (D:/install/HaskellPlatform/8.0.1/mingw/bin/ld.exe) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /d/install/HaskellPlatform/8.0.1/mingw/bin/nm -B
checking the name lister (/d/install/HaskellPlatform/8.0.1/mingw/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 8192
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-pc-mingw64 file names to x86_64-pc-mingw64 format... func_convert_file_msys_to_w32
checking how to convert x86_64-pc-mingw64 file names to toolchain format... func_convert_file_msys_to_w32
checking for D:/install/HaskellPlatform/8.0.1/mingw/bin/ld.exe option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... file_magic ^x86 archive import|^x86 DLL
checking for dlltool... dlltool
checking how to associate runtime and link libraries... func_cygming_dll_for_implib
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /d/install/HaskellPlatform/8.0.1/mingw/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... no
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -DDLL_EXPORT -DPIC
checking if gcc PIC flag -DDLL_EXPORT -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (D:/install/HaskellPlatform/8.0.1/mingw/bin/ld.exe) supports shared libraries... yes
checking whether -lc should be explicitly linked in... yes
checking dynamic linker characteristics... Win32 ld.exe
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for doxygen... true
checking for ANSI C header files... (cached) yes
checking for stdlib.h... (cached) yes
checking for an ANSI C-conforming const... yes
checking for size_t... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating yaml-0.1.pc
config.status: creating include/Makefile
config.status: creating src/Makefile
config.status: creating Makefile
config.status: creating tests/Makefile
config.status: creating win32/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
make
D:/install/MinGW64/bin/make all-recursive
make[1]: Entering directory 'G:/DEVELOP/yaml/yaml-0.1.7'
Making all in include
make[2]: Entering directory 'G:/DEVELOP/yaml/yaml-0.1.7/include'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory 'G:/DEVELOP/yaml/yaml-0.1.7/include'
Making all in src
make[2]: Entering directory 'G:/DEVELOP/yaml/yaml-0.1.7/src'
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT api.lo -MD -MP -MF .deps/api.Tpo -c -o api.lo api.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT api.lo -MD -MP -MF .deps/api.Tpo -c api.c -DDLL_EXPORT -DPIC -o .libs/api.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT api.lo -MD -MP -MF .deps/api.Tpo -c api.c -o api.o >/dev/null 2>&1
mv -f .deps/api.Tpo .deps/api.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT reader.lo -MD -MP -MF .deps/reader.Tpo -c -o reader.lo reader.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT reader.lo -MD -MP -MF .deps/reader.Tpo -c reader.c -DDLL_EXPORT -DPIC -o .libs/reader.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT reader.lo -MD -MP -MF .deps/reader.Tpo -c reader.c -o reader.o >/dev/null 2>&1
mv -f .deps/reader.Tpo .deps/reader.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT scanner.lo -MD -MP -MF .deps/scanner.Tpo -c -o scanner.lo scanner.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT scanner.lo -MD -MP -MF .deps/scanner.Tpo -c scanner.c -DDLL_EXPORT -DPIC -o .libs/scanner.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT scanner.lo -MD -MP -MF .deps/scanner.Tpo -c scanner.c -o scanner.o >/dev/null 2>&1
mv -f .deps/scanner.Tpo .deps/scanner.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT parser.lo -MD -MP -MF .deps/parser.Tpo -c -o parser.lo parser.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT parser.lo -MD -MP -MF .deps/parser.Tpo -c parser.c -DDLL_EXPORT -DPIC -o .libs/parser.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT parser.lo -MD -MP -MF .deps/parser.Tpo -c parser.c -o parser.o >/dev/null 2>&1
mv -f .deps/parser.Tpo .deps/parser.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT loader.lo -MD -MP -MF .deps/loader.Tpo -c -o loader.lo loader.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT loader.lo -MD -MP -MF .deps/loader.Tpo -c loader.c -DDLL_EXPORT -DPIC -o .libs/loader.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT loader.lo -MD -MP -MF .deps/loader.Tpo -c loader.c -o loader.o >/dev/null 2>&1
mv -f .deps/loader.Tpo .deps/loader.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT writer.lo -MD -MP -MF .deps/writer.Tpo -c -o writer.lo writer.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT writer.lo -MD -MP -MF .deps/writer.Tpo -c writer.c -DDLL_EXPORT -DPIC -o .libs/writer.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT writer.lo -MD -MP -MF .deps/writer.Tpo -c writer.c -o writer.o >/dev/null 2>&1
mv -f .deps/writer.Tpo .deps/writer.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT emitter.lo -MD -MP -MF .deps/emitter.Tpo -c -o emitter.lo emitter.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT emitter.lo -MD -MP -MF .deps/emitter.Tpo -c emitter.c -DDLL_EXPORT -DPIC -o .libs/emitter.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT emitter.lo -MD -MP -MF .deps/emitter.Tpo -c emitter.c -o emitter.o >/dev/null 2>&1
mv -f .deps/emitter.Tpo .deps/emitter.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT dumper.lo -MD -MP -MF .deps/dumper.Tpo -c -o dumper.lo dumper.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT dumper.lo -MD -MP -MF .deps/dumper.Tpo -c dumper.c -DDLL_EXPORT -DPIC -o .libs/dumper.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT dumper.lo -MD -MP -MF .deps/dumper.Tpo -c dumper.c -o dumper.o >/dev/null 2>&1
mv -f .deps/dumper.Tpo .deps/dumper.Plo
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=link gcc -g -O2 -release 0 -version-info 2:5:0 -o libyaml.la -rpath D:/install/libyaml/0.1.7/lib api.lo reader.lo scanner.lo parser.lo loader.lo writer.lo emitter.lo dumper.lo
libtool: link: warning: undefined symbols not allowed in x86_64-pc-mingw64 shared libraries
libtool: link: ar cru .libs/libyaml.a api.o reader.o scanner.o parser.o loader.o writer.o emitter.o dumper.o libtool: link: ranlib .libs/libyaml.a
libtool: link: ( cd ".libs" && rm -f "libyaml.la" && cp -pR "../libyaml.la" "libyaml.la" )
make[2]: Leaving directory 'G:/DEVELOP/yaml/yaml-0.1.7/src'
Making all in .
make[2]: Entering directory 'G:/DEVELOP/yaml/yaml-0.1.7'
make[2]: Nothing to be done for 'all-am'.
make[2]: Leaving directory 'G:/DEVELOP/yaml/yaml-0.1.7'
Making all in tests
make[2]: Entering directory 'G:/DEVELOP/yaml/yaml-0.1.7/tests'
gcc -DHAVE_CONFIG_H -I. -I.. -I../include -g -O2 -MT run-scanner.o -MD -MP -MF .deps/run-scanner.Tpo -c -o run-scanner.o run-scanner.c
mv -f .deps/run-scanner.Tpo .deps/run-scanner.Po
D:/install/Git/2.11.0/usr/bin/sh.exe ../libtool --tag=CC --mode=link gcc -g -O2 -o run-scanner.exe run-scanner.o ../src/libyaml.la
libtool: link: gcc -g -O2 -o .libs/run-scanner.exe run-scanner.o ../src/.libs/libyaml.a
run-scanner.o: In function `main':
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:16: undefined reference to `__imp_yaml_parser_scan'
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:49: undefined reference to `__imp_yaml_token_delete'
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:36: undefined reference to `__imp_yaml_parser_initialize'
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:38: undefined reference to `__imp_yaml_parser_set_input_file'
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:54: undefined reference to `__imp_yaml_parser_delete'
G:\DEVELOP\yaml\yaml-0.1.7\tests/run-scanner.c:54: undefined reference to `__imp_yaml_parser_delete'
collect2.exe: error: ld returned 1 exit status
make[2]: *** [Makefile:630: run-scanner.exe] Error 1
make[2]: Leaving directory 'G:/DEVELOP/yaml/yaml-0.1.7/tests'
make[1]: *** [Makefile:445: all-recursive] Error 1
make[1]: Leaving directory 'G:/DEVELOP/yaml/yaml-0.1.7'
make: *** [Makefile:353: all] Error 2
It seems that yaml_emitter_dump() is proper way to dump document object.
but after yaml_emitter_dump() called, document object destroied since it calls yaml_emitter_delete_document_and_anchors() internally.
As a workaround, I'm currently deep-copying document object before passing it to yaml_emitter_dump(). but there is a more nice way to do this.
Is this still a mirror of http://svn.pyyaml.org/libyaml/ ? It seems out of sync?
Where should pull requests for YAML 1.2 spec be submitted?
Release 0.2.1 does not contain the file yamlConfig.cmake.in. This is required for the CMake build.
I'm unsure how the release is built and whether this has already been fixed for the upcoming release.
I'm a Windows user. I try to compile it in cygwin.
It may be a stupid question, but I have little experience on Linux and don't know to compile correctly. I ran the following command, but fails.
gqqnbig@DESKTOP-FHIBPCT /cygdrive/b/libyaml
$ ./configure
-bash: ./configure: No such file or directory
gqqnbig@DESKTOP-FHIBPCT /cygdrive/b/libyaml
$ ./configure.ac
./configure.ac: Line 2: $'\r': command not found
./configure.ac: Line 4: unexpected symbol, syntax error near `[YAML_MAJOR],'
'/configure.ac: Line 4: `m4_define([YAML_MAJOR], 0)
CMakeLists.txt file contains the VERSION information that refer to 0.1.7
Please remember to update for the next release.
@sigmavirus24 and @ingydotnet are taking over maintenance of libyaml from @xitology.
The first step is to migrate the Mercurial repos on BitBucket to Git repos on GitHub. We hope this will make for a truly collaborative community maintenance environment.
Here are the steps being taken:
old/$nameAfter this we will:
LibYAML would like to start continuously testing on Windows with AppVeyor, but the current maintainers are unfamiliar with developing on Windows.
curl utilizes AppVeyor and may be helpful for people who can help us get this started.
The following YAML demonstrates a case where a document-end marker is important and should not be omitted:
foo: |+
foo
...
libyaml should emit it even if implicit is true. Currently it does not, pyyaml and ruamel do.
Demo:
libyaml % echo '+STR
+DOC
=VAL |foo\n\n\n
-DOC
-STR' | ./tests/run-emitter-test-suite
|+
foo
libyaml %
I think it would help if the README or some other piece of top-level documentation provided some guidance regarding what version or versions of the YAML spec this library aims to support, and how fully it supports that spec.
On my Mac (10.13.4), I received this error running bootstrap:
โฏ ./bootstrap
./bootstrap: line 3: exec: autoreconf: not found
I ran:
brew install autoconf automake libtool
and then the README instructions worked.
If you download:
http://pyyaml.org/download/libyaml/yaml-0.2.2.tar.gz
And e. g. try to repackage it, you get this:
tar -zxvf /Users/x/SRC/yaml/yaml-0.2.2.tar.gz -C /Depot/Temp/
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
If you then use file on it:
file yaml-0.2.2.tar.gz
You get:
yaml-0.2.2.tar.gz: HTML document, ASCII text, with no line terminators
Not sure what/where the problem is but previous releases worked fine; perhaps
something was automated but did not properly work. The .tar.gz but also the
.zip files do not appear to contain the code to yaml 0.2.2. The older releases
e. g. yaml-0.2.1.* still work fine. Just reporting this, feel free to close this at
any moment in time. :)
This will let github users see the test status.
If you look at
https://github.com/yaml/libyaml-test/blob/master/test/libyaml-emitter.skip#L4
you'll see that the emitter test skips 12 tests because libyaml emits an extra
space at the end of a line where an empty string is emitted for a null value.
Using underscore to show a space char, libyaml emits:
foo:_
bar:
-_
To emit this data:
{"foo":null,"bar":[null]}
This is obviously because libyaml emits a space right after - or : which is
right most of the time.
Depending on when the output buffer is actually flushed, we might be able to do
an easy fix of backing up before the space when we get to a null value. Need to
look at the code.
https://github.com/yaml/libyaml/blob/master/CMakeLists.txt#L70-L78
I've never seen this sort of notation in a CMakeLists.txt before, and I don't
want to break the project's build with major changes to it.
Hello YAML team,
As part of our fuzzing efforts at Google, we have identified an issue affecting
YAML (tested with revision * master 01f3a87).
To reproduce, we are attaching Dockerfiles which compile the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/
TL;DR instructions:
mkdir projectcp Dockerfile.YAML /path/to/project/Dockerfiledocker build --no-cache /path/to/projectdocker run -it image_id_from_docker_buildFrom another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer
(reference: https://docs.docker.com/engine/reference/commandline/cp/)
And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducer
Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
=================================================================
==11==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc65f40ef8 (pc 0x0000004b7057 bp 0x7ffc65f41770 sp 0x7ffc65f40f00 T0)
#0 0x4b7056 in __asan_memcpy (/fuzzing/yaml_fuzzer+0x4b7056)
#1 0x7fd318ef049d in yaml_parser_save_simple_key /fuzzing/libyaml/src/scanner.c:1119:35
#2 0x7fd318ee734f in yaml_parser_fetch_flow_collection_start /fuzzing/libyaml/src/scanner.c:1456:10
#3 0x7fd318ee3257 in yaml_parser_fetch_more_tokens /fuzzing/libyaml/src/scanner.c:846:14
#4 0x7fd318f06a86 in yaml_parser_parse_flow_sequence_entry /fuzzing/libyaml/src/parser.c:961:13
#5 0x7fd318f0b4f1 in yaml_parser_load_sequence /fuzzing/libyaml/src/loader.c:355:10
#6 0x7fd318f0b5cb in yaml_parser_load_sequence /fuzzing/libyaml/src/loader.c:361:22
[...]
#251 0x7fd318f0b5cb in yaml_parser_load_sequence /fuzzing/libyaml/src/loader.c:361:22
SUMMARY: AddressSanitizer: stack-overflow (/fuzzing/yaml_fuzzer+0x4b7056) in __asan_memcpy
==11==ABORTING
And:
=================================================================
==11==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe61b66f18 (pc 0x0000004b7057 bp 0x7ffe61b67790 sp 0x7ffe61b66f20 T0)
#0 0x4b7056 in __asan_memcpy (/fuzzing/yaml_fuzzer+0x4b7056)
#1 0x7fb88e1ad49d in yaml_parser_save_simple_key /fuzzing/libyaml/src/scanner.c:1119:35
#2 0x7fb88e1a434f in yaml_parser_fetch_flow_collection_start /fuzzing/libyaml/src/scanner.c:1456:10
#3 0x7fb88e1a0257 in yaml_parser_fetch_more_tokens /fuzzing/libyaml/src/scanner.c:846:14
#4 0x7fb88e1c4e2e in yaml_parser_parse_flow_mapping_key /fuzzing/libyaml/src/parser.c:1112:13
#5 0x7fb88e1c8f42 in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:418:10
#6 0x7fb88e1c902e in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:424:20
[...]
#251 0x7f718697402e in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:424:20
SUMMARY: AddressSanitizer: stack-overflow (/fuzzing/yaml_fuzzer+0x4b7056) in __asan_memcpy
==11==ABORTING
Without some kind of depth limit (even if the default behavior is "unbounded"),
library users parsing untrusted YAML files need to use workarounds such as
preprocessors that will reject invalid payloads, use separate processes for
parsing to compartmentalize impact of a crash, or prevent them from parsing
non-trusted payloads at all.
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team
artifacts_72997432.zip
artifacts_73012922.zip
So, I've been doing some comparisons on the speed of various build
types and thought I'd report it here for possible adjustments to how
the ci's do their jobs:
cmake with gnu make backend
time cmake ..
real 0m0.324s
user 0m0.234s
sys 0m0.090s
time make -j1
real 0m2.520s
user 0m2.154s
sys 0m0.359s
cmake with ninja 'make' backend
time cmake .. -G"Ninja"
real 0m0.267s
user 0m0.204s
sys 0m0.064s
time ninja -j1
real 0m2.264s
user 0m1.997s
sys 0m0.264s
autotools ./configure && make
time ./configure
real 0m1.474s
user 0m1.111s
sys 0m0.492s
time make -j1
real 0m8.052s
user 0m7.643s
sys 0m0.456s
As you can see, using the autotools ./configure is something like 5-6 times slower,
and make is much faster using the cmake generated Makefile's.
Perhaps it would be a good idea to switch the ci over to cmake & ninja if possible.
Remove run*, test* and example-deconstructor* example-reformatter* rules from .gitignore.
Case:
Expected result:
Actual result:
Error that I get:
make[2]: Entering directory '/tmp/rt/lib/libyaml/tests' make[2]: *** No rule to make target 'run-scanner.c', needed by 'run-scanner.o'. Stop.
Hello,
I tried to use libyaml with visual studio 2015 community for a C project. I downloaded version 0.1.7 and build it with cmake and visual studio. So without any additional changes the build works fine i think. I get a yaml.lib in my output. After that I tried to use the yaml.lib in my project. I integrated the static lib but I get these errors.
1>OLDNAMES.lib(strdup.obi) : error LNK2001: unresolved external symbol __imp__strdup
1>OLDNAMES.lib(strdup.obi) : error LNK2001: unresolved external symbol __imp___strdup
1>MSVCRTD.lib(_chandler4gs_.obj) : error LNK2019: unresolved external symbol __except_handler4_common referenced in function __except_handler4
Do I need any additional defines for building the lib? Or do I need any in my project where I would like to use the lib? I did not found any information in the web about building and using i this way for windows 7.
I also checked the platform toolset so did not find any solution...
many thanks
The package name is yaml-0.2.2.tar.gz, but it expands to libyaml-0.2.2/. This is inconsistent. I suggest renaming the package libyaml-x.y.z as it only installs a library and supporting files.
git clone https://github.com/yaml/libyaml.git
sudo yum -y install gcc libtool make
cd libyaml/
./bootstrap
./configure
make
sudo make install
luarocks install lyaml
ERROR:
Installing https://luarocks.org/lyaml-6.2.4-1.src.rock
/home/ec2-user/lua/bin/lua build-aux/luke package="lyaml" version="6.2.4" PREFIX="/home/ec2-user/luarocks/lib/luarocks/rocks-5.1/lyaml/6.2.4-1" CFLAGS="-O2 -fPIC" LIBFLAG="-shared" LIB_EXTENSION="so" OBJ_EXTENSION="o" LUA="/home/ec2-user/lua/bin/lua" LUA_DIR="/home/ec2-user/luarocks/lib/luarocks/rocks-5.1/lyaml/6.2.4-1/lua" LUA_INCDIR="/home/ec2-user/lua/include" YAML_DIR="/usr/local" YAML_INCDIR="/usr/local/include" YAML_LIBDIR="/usr/local/lib"
luke: fatal: required symbol 'yaml_document_initialize' not found in any of libc, libyaml
Error: Build error: Failed building.
Hi,
yaml_parser_fetch_directive function does have and others where
this statement is used (!yaml_parser_unroll_indent(parser, -1)) are vulnerable to heap based buffer overflow.
i have a feature request - at same time it's a bug in the current version
i get this error message: "problem: mapping values are not allowed in this context"
with following yaml-source-code:
crypt: true
algorithm: AES
key: abc
reason is the 'false'-value for 'crypt'.
with following yaml-source-code i don't get the error and it works the way i need it.
i want activate/deactive a group of key/value-pairs (this is my feature request)
crypt: true
# comment
algorithm: AES
# comment
key: abc
this is working like a charm - but i want write you, because maybe its in next version an official feature - i hope so
greetz & best regards
thanks for the library
edit @perlpunk repair code markers
libyaml appears to allow a single-quote escape sequence that is NOT allowed by YAML 1.1+.
From the spec, at http://yaml.org/spec/1.1/#id872840, you can see that double quote is a valid escape but single quote is not.
This has been reported as a JRuby bug multiple times because MRI (C Ruby) uses libyaml for its YAML engine. See jruby/jruby#2199, jruby/jruby#4847, and https://bugs.ruby-lang.org/issues/14096.
At this time, neither we nor the YAML library we use (SnakeYAML) plan to support this illegal character. I think it would be best for all YAML consumers if libyaml stuck to the spec here.
I found a problem that wrong tree generated by document parser.
main:
workers: 4
port: 1081
listen-address: '::'
proto: &generic
request: 'this is a request.'
response: 'this is a response.'
servers:
usa:
port: 80
address: 1.2.3.4
password: 'this is a password.'
protocol: *generic#include <stdio.h>
#include <unistd.h>
#include <yaml.h>
static void
traverse (yaml_document_t *doc, yaml_node_t *node, int depth)
{
switch (node->type) {
case YAML_NO_NODE:
break;
case YAML_SCALAR_NODE:
{
printf ("%d %s\n", depth, node->data.scalar.value);
break;
}
case YAML_SEQUENCE_NODE:
{
yaml_node_item_t *i;
for (i = node->data.sequence.items.start;
i <= node->data.sequence.items.top; i++) {
yaml_node_t *n;
n = yaml_document_get_node (doc, *i);
if (!n)
continue;
traverse (doc, n, depth+1);
}
break;
}
case YAML_MAPPING_NODE:
{
yaml_node_pair_t *p;
for (p = node->data.mapping.pairs.start;
p <= node->data.mapping.pairs.top; p++) {
yaml_node_t *n;
n = yaml_document_get_node (doc, p->key);
if (!n)
continue;
traverse (doc, n, depth+1);
n = yaml_document_get_node (doc, p->value);
if (!n)
continue;
traverse (doc, n, depth+1);
}
break;
}
}
}
int
main (int argc, char *argv[])
{
FILE *fp;
yaml_parser_t parser;
yaml_document_t doc;
yaml_node_t *node;
fp = fopen (argv[1], "r");
if (!fp)
return -1;
if (!yaml_parser_initialize (&parser))
return -1;
yaml_parser_set_input_file (&parser, fp);
if (!yaml_parser_load (&parser, &doc))
return -1;
node = yaml_document_get_root_node (&doc);
traverse (&doc, node, 0);
yaml_document_delete (&doc);
yaml_parser_delete (&parser);
fclose (fp);
return 0;
}libyaml 0.2.2 on Linux x86_64
gcc -O3 -o parser parser.c -lyaml
./parser main.yml > output.txt1 main
2 workers
2 4
2 port
2 1081
2 listen-address
2 ::
1 proto
2 request
2 this is a request.
2 response
2 this is a response.
1 servers
2 usa
3 port
3 80
3 address
3 1.2.3.4
3 password
3 this is a password.
3 protocol
4 request
4 this is a request.
4 response
4 this is a response.
1 main
2 workers
2 4
2 port
2 1081
2 listen-address
2 ::
1 proto
2 request
2 this is a request.
2 response
2 this is a response.
1 servers
2 usa
3 port
3 80
3 address
3 1.2.3.4
3 password
3 this is a password.
3 protocol
4 request
4 this is a request.
4 response
4 this is a response.
4 main
5 workers
5 4
5 port
5 1081
5 listen-address
5 ::
4 proto
5 request
5 this is a request.
5 response
5 this is a response.
4 servers
5 usa
6 port
6 80
6 address
6 1.2.3.4
6 password
6 this is a password.
6 protocol
7 request
7 this is a request.
7 response
7 this is a response.
7 main
8 workers
8 4
8 port
8 1081
8 listen-address
8 ::
7 proto
8 request
8 this is a request.
8 response
8 this is a response.
7 servers
8 usa
9 port
9 80
9 address
9 1.2.3.4
9 password
9 this is a password.
9 protocol
10 request
10 this is a request.
10 response
...
...
...
Hi, I'd like YAML 1.2 support.
Hello YAML team,
As part of our fuzzing efforts at Google, we have identified an issue affecting
YAML (tested with revision * master 01f3a87).
To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/
Instructions:
unzip artifacts_76120275.zip
docker build --build-arg SANITIZER=address --tag=autofuzz-YAML-76120275 autofuzz_76120275
docker run --entrypoint /fuzzing/repro.sh --cap-add=SYS_PTRACE -v $PWD//tmp/autofuzz-triageh4t4gQ/poc-75bfed4a06b11bc47ecadb751368d959e06a8683a3072433cf38e8d5a749a5cb_min:/tmp/poc autofuzz-YAML-76120275 "" /tmp/poc
docker run --cap-add=SYS_PTRACE -v $PWD//tmp/autofuzz-triageh4t4gQ/poc-75bfed4a06b11bc47ecadb751368d959e06a8683a3072433cf38e8d5a749a5cb_min:/tmp/poc -it autofuzz-YAML-76120275
Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
INFO: Seed: 2583088599
INFO: Loaded 0 modules (0 guards):
/fuzzing/yaml_fuzzer: Running 1 inputs 500 time(s) each.
Running: /tmp/poc-75bfed4a06b11bc47ecadb751368d959e06a8683a3072433cf38e8d5a749a5cb
=================================================================
==7==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1536 byte(s) in 1 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2cbfe02 in yaml_parser_load /fuzzing/libyaml/src/loader.c:75:10
#2 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#3 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#4 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Direct leak of 1536 byte(s) in 1 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2c961ef in yaml_document_initialize /fuzzing/libyaml/src/api.c:1059:10
#2 0x519e2d in copy_document /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2176:10
#3 0x51b2ac in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2370:21
#4 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#5 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 286 byte(s) in 13 object(s) allocated from:
#0 0x446200 in __strdup (/fuzzing/yaml_fuzzer+0x446200)
#1 0x7fbfb2c96f0b in yaml_document_add_scalar /fuzzing/libyaml/src/api.c:1215:16
#2 0x519f2e in copy_document /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2186:22
#3 0x51b2ac in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2370:21
#4 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#5 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 220 byte(s) in 10 object(s) allocated from:
#0 0x446200 in __strdup (/fuzzing/yaml_fuzzer+0x446200)
#1 0x7fbfb2cc0b56 in yaml_parser_load_scalar /fuzzing/libyaml/src/loader.c:293:15
#2 0x7fbfb2cc21a5 in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:427:22
#3 0x7fbfb2cc048c in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:184:10
#4 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#5 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#6 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#7 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 160 byte(s) in 10 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2cb2de9 in yaml_parser_scan_plain_scalar /fuzzing/libyaml/src/scanner.c:3400:10
#2 0x7fbfb2ca0621 in yaml_parser_fetch_plain_scalar /fuzzing/libyaml/src/scanner.c:1903:10
#3 0x7fbfb2c99de7 in yaml_parser_fetch_more_tokens /fuzzing/libyaml/src/scanner.c:846:14
#4 0x7fbfb2cbbfc7 in yaml_parser_parse_block_mapping_value /fuzzing/libyaml/src/parser.c:911:17
#5 0x7fbfb2cc2192 in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:426:14
#6 0x7fbfb2cc048c in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:184:10
#7 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#8 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#9 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#10 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2cc1cc2 in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:405:10
#2 0x7fbfb2cc048c in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:184:10
#3 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#4 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#5 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#6 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2c97924 in yaml_document_add_mapping /fuzzing/libyaml/src/api.c:1315:10
#2 0x519fcd in copy_document /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2195:22
#3 0x51b2ac in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2370:21
#4 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#5 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 66 byte(s) in 3 object(s) allocated from:
#0 0x446200 in __strdup (/fuzzing/yaml_fuzzer+0x446200)
#1 0x7fbfb2cc0b56 in yaml_parser_load_scalar /fuzzing/libyaml/src/loader.c:293:15
#2 0x7fbfb2cc217c in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:424:20
#3 0x7fbfb2cc048c in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:184:10
#4 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#5 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#6 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#7 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 48 byte(s) in 3 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2cb2de9 in yaml_parser_scan_plain_scalar /fuzzing/libyaml/src/scanner.c:3400:10
#2 0x7fbfb2ca0621 in yaml_parser_fetch_plain_scalar /fuzzing/libyaml/src/scanner.c:1903:10
#3 0x7fbfb2c99de7 in yaml_parser_fetch_more_tokens /fuzzing/libyaml/src/scanner.c:846:14
#4 0x7fbfb2cbb605 in yaml_parser_parse_block_mapping_key /fuzzing/libyaml/src/parser.c:846:13
#5 0x7fbfb2cc22cd in yaml_parser_load_mapping /fuzzing/libyaml/src/loader.c:432:14
#6 0x7fbfb2cc048c in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:184:10
#7 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#8 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#9 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#10 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 36 byte(s) in 13 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2c96f56 in yaml_document_add_scalar /fuzzing/libyaml/src/api.c:1223:18
#2 0x519f2e in copy_document /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2186:22
#3 0x51b2ac in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2370:21
#4 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#5 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x4de288 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4de288)
#1 0x7fbfb2cb903f in yaml_parser_parse_node /fuzzing/libyaml/src/parser.c:608:31
#2 0x7fbfb2cc0476 in yaml_parser_load_document /fuzzing/libyaml/src/loader.c:182:10
#3 0x7fbfb2cbffec in yaml_parser_load /fuzzing/libyaml/src/loader.c:98:10
#4 0x51b42d in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2401:22
#5 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#6 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
Indirect leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x446200 in __strdup (/fuzzing/yaml_fuzzer+0x446200)
#1 0x7fbfb2c9790e in yaml_document_add_mapping /fuzzing/libyaml/src/api.c:1312:16
#2 0x519fcd in copy_document /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2195:22
#3 0x51b2ac in dumper_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2370:21
#4 0x51d52c in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2815:13
#5 0x5287be in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x5287be)
SUMMARY: AddressSanitizer: 4152 byte(s) leaked in 58 allocation(s).
INFO: a leak has been found in the initial corpus.
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team
artifacts_76120275.zip
I followed all following steps but still not able to install :
Tests succeed, but I get these errors:
make -C tests/run-test-suite test
make[1]: Entering directory '/tmp/libyaml/tests/run-test-suite'
git branch --track run-test-suite-code origin/run-test-suite-code
fatal: A branch named 'run-test-suite-code' already exists.
Makefile:28: recipe for target 'code' failed
make[1]: [code] Error 128 (ignored)
git worktree prune
git worktree add test run-test-suite-code
fatal: 'test' already exists
Makefile:28: recipe for target 'code' failed
make[1]: [code] Error 128 (ignored)
(cd test && git reset --hard c0a4e7a388658bffa53078a6ac28b3d2e118861b)
HEAD is now at c0a4e7a Initial commit
prove -lv test
test/libyaml-emitter.t .......
ok 1 229Q: Spec Example 2.4. Sequence of Mappings
...
The .pc file should be configured and installed from the CMakeLists.txt; currently only autotools is configuring it.
Hello YAML team,
As part of our fuzzing efforts at Google, we have identified an issue affecting
YAML (tested with revision * master d050fe3).
To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/
TL;DR instructions:
artifacts_71768558.zip
mkdir projectcp Dockerfile.YAML /path/to/project/Dockerfiledocker build --no-cache /path/to/projectdocker run -it image_id_from_docker_buildFrom another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer
(reference: https://docs.docker.com/engine/reference/commandline/cp/)
And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducer
Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:
INFO: Seed: 1568918539
/fuzzing/yaml_fuzzer: Running 1 inputs 1 time(s) each.
Running: /tmp/poc
Executed /tmp/poc in 2 ms
=================================================================
==11==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x4ce128 in __interceptor_malloc (/fuzzing/yaml_fuzzer+0x4ce128)
#1 0x7f1a9c500c89 in yaml_parser_scan_plain_scalar /fuzzing/libyaml/src/scanner.c:3400:10
#2 0x7f1a9c4eddf8 in yaml_parser_fetch_plain_scalar /fuzzing/libyaml/src/scanner.c:1903:10
#3 0x7f1a9c4e7257 in yaml_parser_fetch_more_tokens /fuzzing/libyaml/src/scanner.c:846:14
#4 0x7f1a9c507193 in yaml_parser_parse_node /fuzzing/libyaml/src/parser.c:582:21
#5 0x7f1a9c50a767 in yaml_parser_parse_block_mapping_value /fuzzing/libyaml/src/parser.c:919:20
#6 0x50dd01 in emitter_main /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2634:18
#7 0x50e858 in LLVMFuzzerTestOneInput /fuzzing/security-research-pocs/autofuzz/yaml_fuzzer.cc:2814:13
#8 0x51544c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/fuzzing/yaml_fuzzer+0x51544c)
#9 0x50e91c in main (/fuzzing/yaml_fuzzer+0x50e91c)
SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team
It would be really helpful if there was a simple yaml command-line utility, similar to how this c-implementation of mustache templates includes a mustach tool.
See also: jq
I just realized, that make test-suite fails when run on a system without libyaml installed:
./src/libyaml-parser: error while loading shared libraries: libyaml-0.so.2:
cannot open shared object file: No such file or directory
So some Makefile needs to be fixed.
Hi!
I've encountered the following error. When sequence items are not indented, they don't generate YAML_BLOCK_SEQUENCE_START_TOKEN before first item, but immediately YAML_BLOCK_ENTRY_TOKEN.
Event parser behaves equaly regardless of indentation.
Is this a bug or a feature?
indented:
seq:
- item1
- item2
output from token parser:
STREAM START
[Block mapping]
(Key token) scalar seq
(Value token) <b>Start Block (Sequence)</b>
<b>Start Block (Entry)</b>
scalar item1
<b>Start Block (Entry)</b>
scalar item2
<b>End block</b>
<b>End block</b>
STREAM END
not idented sequence:
seq:
- item1
- item2
parser output:
STREAM START
[Block mapping]
(Key token) scalar seq
(Value token) <b>Start Block (Entry)</b>
scalar item1
<b>Start Block (Entry)</b>
scalar item2
<b>End block</b>
STREAM END
test parser used:
While they are not explicitly mentioned in the YAML 1.1 or 1.2 spec, the following is valid JSON:
{ "unicode": "surrogate pair \ud83d\udcaf" }
Same as
{ "unicode": "surrogate pair ๐ฏ" }
Currently libyaml simply rejects such escapes. So it wouldn't hurt to support those escape sequences.
js-yaml and SnakeYAML support it, too.
So it seems the OSX failure on travis is not yet fixed, it's happening again:
https://travis-ci.org/yaml/libyaml/builds/310159760
https://travis-ci.org/yaml/libyaml/jobs/310159764#L468
When running test/libyaml-emitter.t, it calls libyaml-emitter, which should be built from libyaml-emitter.c
Instead these lines are executed before the tests:
cp /Users/travis/build/yaml/libyaml/tests/.libs/run-parser libyaml-parser
cp /Users/travis/build/yaml/libyaml/tests/.libs/run-emitter libyaml-emitter
any hints appreciated
Currently, there is no way to write or read comments using this library.
I understand that comments are intended only for humans, so parsing them into runtime model makes little sense. However, there might be a valid case when some runtime model is written to a file that will be read by humans. Imagine an auto-generated configuration file annotated with comments for further human editing.
This would also allow editing files using this lib without losing human-created coments (even if the exact formatting would be lost).
Supporting comments would probably require these new public APIs:
YAML_COMMENT_TOKEN in enum yaml_token_type_tYAML_COMMENT_EVENT in enum yaml_event_type_tyaml_comment_event_initialize(yaml_event_t *event, yaml_char_t *content)no example parse a document ,so difficult to use in our program,
for example,how to parse follows document ,
- name: Ogre
position: [0, 5, 0]
powers:
- name: Club
damage: 10
- name: Fist
damage: 8
- name: Dragon
position: [1, 0, 10]
powers:
- name: Fire Breath
damage: 25
- name: Claws
damage: 15
- name: Wizard
position: [5, -3, 0]
powers:
- name: Acid Rain
damage: 50
- name: Staff
damage: 3edit @perlpunk: Format YAML snippet as code to prevent it being parsed as markdown
the system is complex. No array, no list, just a collection of "stack", where struct contains 3 fields (start, end, top).
How initialize document with tag directives ? How add these directives after initialization ?
and how remove directive from document ?
(of course, same questions are available for nodes)
Thanks.
Like pyyaml (as of February 2019), Unicode anchor and alias names are not supported. Trying to use anchors something like
- &ๆฑ "There's a guy in the place who's got a bittersweet face"
Gives "did not find expected alphabetic or numeric character" errors in the context "while scanning an anchor." This causes issues not only in the parser itself, but also in dependencies like pyyaml:
I'm currently working on a patch.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.