Fix #426 (SnakeYAML upgraded 2.0->2.1)

cowtowncoder · cowtowncoder · commit 1ddb9ee15878 · 2023-08-24T19:44:08.000-07:00
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -14,6 +14,14 @@ Active Maintainers:
 === Releases ===
 ------------------------------------------------------------------------
 
+2.15.3 (not yet released)
+
+#400: (yaml) `IllegalArgumentException` when attempting to decode invalid UTF-8
+  surrogate by SnakeYAML (oss-fuzz 50431)
+#406: (yaml) NumberFormatException from SnakeYAML due to int overflow for
+  corrupt YAML version
+#426: (yaml) Update to SnakeYAML 2.1
+
 2.15.2 (30-May-2023)
 
 No changes since 2.15.1
diff --git a/yaml/pom.xml b/yaml/pom.xml
@@ -34,7 +34,7 @@
     <dependency>
       <groupId>org.yaml</groupId>
       <artifactId>snakeyaml</artifactId>
-      <version>2.0</version>
+      <version>2.1</version>
     </dependency>
 
      <!-- and for testing need annotations; but should be available via `jackson-databind` above
diff --git a/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/deser/FuzzYAMLRead_400_50431Test.java b/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/deser/FuzzYAMLRead_400_50431Test.java
@@ -1,4 +1,4 @@
-package com.fasterxml.jackson.dataformat.yaml.failing;
+package com.fasterxml.jackson.dataformat.yaml.deser;
 
 import com.fasterxml.jackson.core.exc.StreamReadException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -23,7 +23,7 @@ public void testUnicodeDecoding50431() throws Exception
         } catch (StreamReadException e) {
             // Not sure what to verify, but should be exposed as one of Jackson's
             // exceptions (or possibly IOException)
-            verifyException(e, "Not a valid Unicode code point: 0xE30EEE");
+            verifyException(e, "found unknown escape character E30EEE");
         }
     }
 }
diff --git a/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/deser/FuzzYAMLRead_406_56902Test.java b/yaml/src/test/java/com/fasterxml/jackson/dataformat/yaml/deser/FuzzYAMLRead_406_56902Test.java
@@ -1,4 +1,4 @@
-package com.fasterxml.jackson.dataformat.yaml.failing;
+package com.fasterxml.jackson.dataformat.yaml.deser;
 
 import com.fasterxml.jackson.core.exc.StreamReadException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -30,7 +30,7 @@ public void testVersionNumberParsing56902() throws Exception
         } catch (StreamReadException e) {
             // Not sure what to verify, but should be exposed as one of Jackson's
             // exceptions (or possibly IOException)
-            verifyException(e, "Not a valid YAML version");
+            verifyException(e, "found a number which cannot represent a valid version");
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.fasterxml.jackson.dataformat.yaml.failing;`
	`1`	`+package com.fasterxml.jackson.dataformat.yaml.deser;`
`2`	`2`
`3`	`3`	`import com.fasterxml.jackson.core.exc.StreamReadException;`
`4`	`4`	`import com.fasterxml.jackson.databind.ObjectMapper;`
`@@ -23,7 +23,7 @@ public void testUnicodeDecoding50431() throws Exception`
`23`	`23`	`} catch (StreamReadException e) {`
`24`	`24`	`// Not sure what to verify, but should be exposed as one of Jackson's`
`25`	`25`	`// exceptions (or possibly IOException)`
`26`		`- verifyException(e, "Not a valid Unicode code point: 0xE30EEE");`
	`26`	`+ verifyException(e, "found unknown escape character E30EEE");`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`	`}`