Issue 111: Long escaped tag URI sequences throw BufferOverflowException
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 5c57b7f..aa61a69 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -7,6 +7,9 @@
</properties>
<body>
<release version="1.9-SNAPSHOT" date="in Mercurial" description="Development">
+ <action dev="py4fun" type="fix" issue="111" due-to="JordanAngold">
+ Fix: Long escaped tag URI sequences throw BufferOverflowException (2011-03-03)
+ </action>
<action dev="py4fun" type="fix" issue="110" due-to="dmitry.s.mamonov">
Fix: introduce a package for external libraries and move there the 64Coder
and the Google's URL encoder (2011-02-24)
diff --git a/src/main/java/org/yaml/snakeyaml/scanner/ScannerImpl.java b/src/main/java/org/yaml/snakeyaml/scanner/ScannerImpl.java
index 079d10c..bd82507 100644
--- a/src/main/java/org/yaml/snakeyaml/scanner/ScannerImpl.java
+++ b/src/main/java/org/yaml/snakeyaml/scanner/ScannerImpl.java
@@ -1735,12 +1735,18 @@
}
private String scanUriEscapes(String name, Mark startMark) {
+ // First, look ahead to see how many URI-escaped characters we should
+ // expect, so we can use the correct buffer size.
+ int length = 1;
+ while (reader.peek(length * 3) == '%') {
+ length++;
+ }
// See the specification for details.
// URIs containing 16 and 32 bit Unicode characters are
// encoded in UTF-8, and then each octet is written as a
// separate character.
Mark beginningMark = reader.getMark();
- ByteBuffer buff = ByteBuffer.allocate(256);
+ ByteBuffer buff = ByteBuffer.allocate(length);
while (reader.peek() == '%') {
reader.forward();
try {
diff --git a/src/test/java/org/yaml/snakeyaml/issues/issue111/LongUriTest.java b/src/test/java/org/yaml/snakeyaml/issues/issue111/LongUriTest.java
new file mode 100644
index 0000000..7c416a5
--- /dev/null
+++ b/src/test/java/org/yaml/snakeyaml/issues/issue111/LongUriTest.java
@@ -0,0 +1,51 @@
+/**
+ * Copyright (c) 2008-2011, http://www.snakeyaml.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.yaml.snakeyaml.issues.issue111;
+
+import java.io.StringReader;
+
+import junit.framework.TestCase;
+
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.nodes.Node;
+import org.yaml.snakeyaml.nodes.ScalarNode;
+
+public class LongUriTest extends TestCase {
+ /**
+ * Try loading a tag with a very long escaped URI section (over 256 bytes'
+ * worth).
+ */
+ public void testLongURIEscape() {
+ Yaml loader = new Yaml();
+ // Create a long escaped string by exponential growth...
+ String longEscURI = "%41"; // capital A...
+ for (int i = 0; i < 10; ++i) {
+ longEscURI = longEscURI + longEscURI;
+ }
+ assertEquals(1024 * 3, longEscURI.length());
+ String yaml = "!" + longEscURI + " www";
+
+ Node node = loader.compose(new StringReader(yaml));
+ ScalarNode scalar = (ScalarNode) node;
+ String etalon = "!";
+ for (int i = 0; i < 1024; i++) {
+ etalon += "A";
+ }
+ assertEquals(1025, etalon.length());
+ assertEquals(etalon, scalar.getTag().toString());
+ }
+}