experimental YAML 1.3 implementation in Ada
Home Page: https://ada.yaml.io/
License: MIT License
This repository found at https://github.com/yaml/yaml contains information and pointers to all things YAML.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
This may be due to an error in the hashing function for DOM mapping nodes.
This happens because the allocator does not initialize the first header of the newly created Chunk.
When parsing hex sequences inside double-quoted scalars, a Constraint_Error may occur due to an overflow of the target Natural variable. This is because an escape sequence may contain 8 nibbles, which makes the maximal possible value 0xffffffff, i.e. 2³²-1. This can lead to overflow if Natural'Base is a 32-bit or smaller signed integer.
The lexer should raise a Lexer_Error if the value is greater than 0x1FFFFF, which is according to the specification the last valid unicode code point.
I get this error when running yaml-to_events (even before entering data):
$ ./yaml-to_events
Execution terminated by unhandled exception
raised PROGRAM_ERROR : yaml-to_events.adb:11 finalize/adjust raised exception
Call stack traceback locations:
0x402ce5 0x4030f6 0x403c66 0x7faeeb4d0b43 0x402b7a 0xfffffffffffffffe
$
The executable was built with GNAT GPL 2017 (20170515-63).
The compilation flags (as indicated by gprbuild -v):
/opt/gnat/gpl_2017_x64/bin/gcc -c -x ada -gnatA -g -gnatoU -gnat2012 -O0 -funwind-tables -fstack-check -gnata -gnatw.d -gnaty2efhkM250 -gnatwla -gnatw.w -gnatec=/tmp/GNAT-TEMP-000004.TMP -gnatem=/tmp/GNAT-TEMP-000005.TMP /home/sattmate/svn/yaml_to_ada/source/web_api/yaml-to_events.adb
The function Node_From calls itself. This should be implemented differently to support deeply nested structures. The error happens at a nesting level of ~2000.
This is what happens when you try to load a YAML file with a duplicate key in a mapping to DOM:
raised CONSTRAINT_ERROR : Yaml.Dom.Mapping_Data.Node_Maps.Insert: attempt to insert key already in map
This should raise a Composer_Error instead.
The referenced website has been missing for at least a month. Will it be replaced or restored? If not, the project description should be changed.
On a new empty project, AdaYaml appears to fail to build with errors:
$ alr init --bin example
...
$ alr with adayaml
ⓘ Synchronizing workspace...
Nothing to update.
Requested changes:
✓ adayaml ~0.3.0 (add)
Changes to dependency solution:
+ adayaml 0.3.0 (new)
+♼ gnat 12.1.1 (new,installed,gnat_external,indirect)
+ libgnutls 3.7.7 (new,indirect)
+ simple_components 4.62.0 (new,indirect)
+ unixodbc 2.3.9 (new,indirect)
...
$ alr build
...
yaml-dom-sequence_data.adb:237:33: error: implicit conversion of anonymous access parameter not allowed
yaml-dom-node_memory.adb:9:32: error: access-to-constant operand type not allowed
yaml-dom-node_memory.adb:12:31: error: access-to-constant operand type not allowed
yaml-dom-node_memory.adb:20:28: error: access-to-constant operand type not allowed
yaml-dom-mapping_data.adb:147:33: error: implicit conversion of anonymous access parameter not allowed
yaml-dom-mapping_data.adb:147:38: error: implicit conversion of anonymous access parameter not allowed
When parsing valid YAML file, the parser often raises program_error exception.
This occurs in the Text string allocator. At some point the chunk gets corrupted.
Reproduced with the util tool:
bin/yaml-to_dom swagger.txt
Hi, running the following simple example program, causes a crash with YAML.STREAM_ERROR exception.
with Utils;
with Ada.Text_IO;
with Ada.Command_Line;
with GNAT.Exception_Actions;
with Ada.Exceptions;
with Yaml.Dom;
with Yaml.Dom.Vectors;
with Yaml.Dom.Loading;
with Yaml.Dom.Dumping;
with Yaml.Events.Queue;
procedure Yaml_Test
is
S : constant String := Utils.File_Content (Ada.Command_Line.Argument (1));
begin
Ada.Text_IO.Put_Line (S);
declare
V : constant Yaml.Dom.Vectors.Vector := Yaml.Dom.Loading.From_String (S);
E : constant Yaml.Events.Queue.Reference :=
Yaml.Dom.Dumping.To_Event_Queue (V);
pragma Unreferenced (E);
begin
null;
end;
exception
when Occurence : others =>
Ada.Text_IO.Put_Line (Ada.Exceptions.Exception_Information (Occurence));
GNAT.Exception_Actions.Core_Dump (Occurence);
end Yaml_Test;
I cite one of your e-mails:
This error means that a malformed event stream has been encountered. Parsing a YAML input stream or serializing a DOM structure should always create a valid event stream unless it raises an exception – hence getting Yaml.Stream_Error would actually show that there's an internal error in one of those components.
Yaml.Stream_Error would only be an error with external cause if you generate an event stream manually in your code.
See also stream-error-crashes.zip.
I get the following:
In yaml.gpr I read
package Compiler is
for Default_Switches ("ada") use
("-gnat12", "-gnatwa", "-gnatwl", "-gnata", "-gnaty3abcefhiklmNprt", "-fstack-check");
case Mode is
when "debug" =>
for Default_Switches ("ada") use Compiler'Default_Switches ("ada") &
("-gnata", "-gnateE", "-E", "-g");
when "release" =>
for Default_Switches ("ada") use
("-O3" );
end case;
end Compiler;
Why does the release alternative on
Line 40 in b972e88
Compiler'Default_Switches ("ada") &?
If it is done on purpose, why isn't it written as
package Compiler is
case Mode is
when "debug" =>
for Default_Switches ("ada") use
("-gnat12", "-gnatwa", "-gnatwl", "-gnata", "-gnaty3abcefhiklmNprt", "-fstack-check") &
("-gnata", "-gnateE", "-E", "-g");
when "release" =>
for Default_Switches ("ada") use
("-O3" );
end case;
end Compiler;
Thanks in advance for your explanation.
This list of bugs has been discovered by Lionel with fuzzing tests.
Note: In the reports, there were also crashes with a ADA.STRINGS.UTF_ENCODING.ENCODING_ERROR. I intend to keep those as they are, because an encoding error is more low-level than a lexer error and should be distinguished.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.