From 5396cbc4fafb2e9b73f5834aa9f5f5816723ecd3 Mon Sep 17 00:00:00 2001
From: Thomas Calvet <calvet.thomas@gmail.com>
Date: Tue, 14 Jan 2020 09:16:44 +0100
Subject: [PATCH] [Yaml][Inline] Fail properly on empty object tag and empty
 const tag

---
 src/Symfony/Component/Yaml/Inline.php         | 12 +++++++--
 .../Component/Yaml/Tests/InlineTest.php       | 27 +++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php
index 73aba3cb8b0dc..90aeb28e5677f 100644
--- a/src/Symfony/Component/Yaml/Inline.php
+++ b/src/Symfony/Component/Yaml/Inline.php
@@ -692,7 +692,11 @@ private static function evaluateScalar($scalar, $flags, $references = [])
                         return null;
                     case 0 === strpos($scalar, '!php/object'):
                         if (self::$objectSupport) {
-                            return unserialize(self::parseScalar(substr($scalar, 12)));
+                            if ((false === $str = substr($scalar, 12)) || '' === $str) {
+                                throw new ParseException('The !php/object tag requires a value.', self::$parsedLineNumber + 1, $scalar, self::$parsedFilename);
+                            }
+
+                            return unserialize(self::parseScalar($str));
                         }
 
                         if (self::$exceptionOnInvalidType) {
@@ -717,8 +721,12 @@ private static function evaluateScalar($scalar, $flags, $references = [])
                         return null;
                     case 0 === strpos($scalar, '!php/const'):
                         if (self::$constantSupport) {
+                            if ((false === $const = substr($scalar, 11)) || '' === $const) {
+                                throw new ParseException('The !php/const tag requires a value.', self::$parsedLineNumber + 1, $scalar, self::$parsedFilename);
+                            }
+
                             $i = 0;
-                            if (\defined($const = self::parseScalar(substr($scalar, 11), 0, null, $i, false))) {
+                            if (\defined($const = self::parseScalar($const, 0, null, $i, false))) {
                                 return \constant($const);
                             }
 
diff --git a/src/Symfony/Component/Yaml/Tests/InlineTest.php b/src/Symfony/Component/Yaml/Tests/InlineTest.php
index 54372d69505bc..7b13a9f235c2d 100644
--- a/src/Symfony/Component/Yaml/Tests/InlineTest.php
+++ b/src/Symfony/Component/Yaml/Tests/InlineTest.php
@@ -799,4 +799,31 @@ public function getTestsForOctalNumbers()
             'negative octal number' => [-28, '-034'],
         ];
     }
+
+    /**
+     * @dataProvider tagThrowsOnEmptyProvider
+     */
+    public function testTagThrowsOnEmpty($tag, $inMapping, $flags)
+    {
+        $this->expectException(ParseException::class);
+        $this->expectExceptionMessage(sprintf('The %s tag requires a value at line 1 (near "%s").', $tag, $tag));
+
+        if ($inMapping) {
+            $value = sprintf('{%s : bar}', $tag);
+        } else {
+            $value = $tag.' ';
+        }
+
+        Inline::parse($value, $flags);
+    }
+
+    public function tagThrowsOnEmptyProvider()
+    {
+        return [
+            ['!php/object', false, Yaml::PARSE_OBJECT],
+            ['!php/object', true, Yaml::PARSE_OBJECT],
+            ['!php/const', false, Yaml::PARSE_CONSTANT],
+            ['!php/const', true, Yaml::PARSE_CONSTANT],
+        ];
+    }
 }