IndexError in scan_tag() and check_key() on empty input #906
Description
When the input is an empty string, the scan_tag() and check_key() methods call peek(1) without first validating that sufficient characters are available in the buffer. This results in an IndexError being raised from the low‑level peek() method.
loader = yaml.loader.SafeLoader("")
ret = loader.check_key()
loader2 = yaml.loader.SafeLoader("")
ret = loader2.scan_tag()
trace:
Traceback (most recent call last):
File "/root/anaconda3/lib/python3.9/site-packages/yaml/reader.py", line 89, in peek
return self.buffer[self.pointer+index]
IndexError: string index out of range
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 39, in <module>
RunFuzzer("")
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 36, in RunFuzzer
output = dc.demoFunc(x)
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 25, in demoFunc
ret = loader.check_key()
File "/root/anaconda3/lib/python3.9/site-packages/yaml/scanner.py", line 719, in check_key
return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
File "/root/anaconda3/lib/python3.9/site-packages/yaml/reader.py", line 92, in peek
return self.buffer[self.pointer+index]
IndexError: string index out of range
Traceback (most recent call last):
File "/root/anaconda3/lib/python3.9/site-packages/yaml/reader.py", line 89, in peek
return self.buffer[self.pointer+index]
IndexError: string index out of range
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 39, in <module>
RunFuzzer("")
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 36, in RunFuzzer
output = dc.demoFunc(x)
File "/root/PyRTFuzz/check/failed/seeds_yaml15/yaml.composer.Composer.get_node/1#yaml#composer#Composer#get_node.py", line 26, in demoFunc
ret = loader2.scan_tag()
File "/root/anaconda3/lib/python3.9/site-packages/yaml/scanner.py", line 938, in scan_tag
ch = self.peek(1)
File "/root/anaconda3/lib/python3.9/site-packages/yaml/reader.py", line 92, in peek
return self.buffer[self.pointer+index]
IndexError: string index out of range
Expected Behavior:
Validate buffer bounds before calling peek(1), ensuring there are enough characters to read, or raise a proper ScannerError indicating “unexpected end of stream” or “insufficient input.”