Fix null dereference in yaml::Document::skip

Summary: The attached test case replicates a null dereference crash in
`yaml::Document::skip()`. This was fixed by adding a check and early
return in the method.

Reviewers: Bigcheese, hintonda, beanz

Reviewed By: hintonda

Subscribers: hiraditya, dexonsmith, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D69974

diff --git a/llvm/lib/Support/YAMLParser.cpp b/llvm/lib/Support/YAMLParser.cpp
index 333648d..d17e7b2 100644 (file)
--- a/llvm/lib/Support/YAMLParser.cpp
+++ b/llvm/lib/Support/YAMLParser.cpp
@@ -2288,8 +2288,8 @@ Document::Document(Stream &S) : stream(S), Root(nullptr) {
 bool Document::skip()  {
   if (stream.scanner->failed())
     return false;
-  if (!Root)
-    getRoot();
+  if (!Root && !getRoot())
+    return false;
   Root->skip();
   Token &T = peekNext();
   if (T.Kind == Token::TK_StreamEnd)

diff --git a/llvm/unittests/Support/YAMLParserTest.cpp b/llvm/unittests/Support/YAMLParserTest.cpp
index 06d4b0e..938a6ab 100644 (file)
--- a/llvm/unittests/Support/YAMLParserTest.cpp
+++ b/llvm/unittests/Support/YAMLParserTest.cpp
@@ -331,4 +331,15 @@ TEST(YAMLParser, DifferentNodesIteratorOperatorEquals) {
   EXPECT_TRUE(End == AnotherEnd);
 }
 
+TEST(YAMLParser, FlowSequenceTokensOutsideFlowSequence) {
+  auto FlowSequenceStrs = {",", "]", "}"};
+  SourceMgr SM;
+
+  for (auto &Str : FlowSequenceStrs) {
+    yaml::Stream Stream(Str, SM);
+    yaml::Document &Doc = *Stream.begin();
+    EXPECT_FALSE(Doc.skip());
+  }
+}
+
 } // end namespace llvm