From 867581dd755bd202cefc605af5e081ba2ba8c1ec Mon Sep 17 00:00:00 2001
From: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 27 Aug 2018 00:44:04 +0000
Subject: Merge psych-3.1.0.pre1.

  * Update bundled libyaml-0.2.1 from 0.1.7.
    https://github.com/ruby/psych/pull/368
  * Unify Psych's API: To use keyword arguments with method call.
    https://github.com/ruby/psych/pull/358

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/psych/yaml/scanner.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'ext/psych/yaml/scanner.c')

diff --git a/ext/psych/yaml/scanner.c b/ext/psych/yaml/scanner.c
index d8d90325e0..359f1072f1 100644
--- a/ext/psych/yaml/scanner.c
+++ b/ext/psych/yaml/scanner.c
@@ -1188,7 +1188,7 @@ yaml_parser_decrease_flow_level(yaml_parser_t *parser)
 {
     if (parser->flow_level) {
         parser->flow_level --;
-	(void)POP(parser, parser->simple_keys);
+        (void)POP(parser, parser->simple_keys);
     }
 
     return 1;
@@ -2399,7 +2399,7 @@ yaml_parser_scan_tag(yaml_parser_t *parser, yaml_token_t *token)
     {
         /* Set the handle to '' */
 
-        handle = yaml_malloc(1);
+        handle = YAML_MALLOC(1);
         if (!handle) goto error;
         handle[0] = '\0';
 
@@ -2451,7 +2451,7 @@ yaml_parser_scan_tag(yaml_parser_t *parser, yaml_token_t *token)
             /* Set the handle to '!'. */
 
             yaml_free(handle);
-            handle = yaml_malloc(2);
+            handle = YAML_MALLOC(2);
             if (!handle) goto error;
             handle[0] = '!';
             handle[1] = '\0';
@@ -3160,8 +3160,8 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
                         *(string.pointer++) = '"';
                         break;
 
-                    case '\'':
-                        *(string.pointer++) = '\'';
+                    case '/':
+                        *(string.pointer++) = '/';
                         break;
 
                     case '\\':
@@ -3278,6 +3278,11 @@ yaml_parser_scan_flow_scalar(yaml_parser_t *parser, yaml_token_t *token,
 
         /* Check if we are at the end of the scalar. */
 
+        /* Fix for crash unitialized value crash
+         * Credit for the bug and input is to OSS Fuzz
+         * Credit for the fix to Alex Gaynor
+         */
+        if (!CACHE(parser, 1)) goto error;
         if (CHECK(parser->buffer, single ? '\'' : '"'))
             break;
 
@@ -3507,7 +3512,7 @@ yaml_parser_scan_plain_scalar(yaml_parser_t *parser, yaml_token_t *token)
                 if (leading_blanks && (int)parser->mark.column < indent
                         && IS_TAB(parser->buffer)) {
                     yaml_parser_set_scanner_error(parser, "while scanning a plain scalar",
-                            start_mark, "found a tab character that violates indentation");
+                            start_mark, "found a tab character that violate indentation");
                     goto error;
                 }
 
@@ -3571,4 +3576,3 @@ error:
 
     return 0;
 }
-
-- 
cgit v1.2.3