Hi all, I have encountered a bug with serde_yml crate, but it appears their repo has issues turned off, only pull requests. I have created a project which demonstrates the panic if anyone wants to take a look. I'll take recommendations, but for now putting it here for visibility. The gist of it is, this panics:
pub async fn demo_panic() -> Result<(), Box<dyn std::error::Error>> {
use serde_yml::Value;
let t = Test {
// NOTE: the amount of spaces at the end matters
content: "\n a {\n ".into(),
};
// create the file with the failing string
// ensure to deserialize using serde_yml
fs::write("./generated-test.yaml", serde_yml::to_string(&t)?).await?;
let bad_file = fs::read("./generated-test.yaml").await?;
println!("attempt to deserialize Test");
// PANICS //
let _: Result<Test, _> = serde_yml::from_slice(&bad_file);
println!("attempt to deserialize serde_yml::Value");
// PANICS //
let _: Result<Value, _> = serde_yml::from_slice(&bad_file);
Ok(())
}
Using the archived serde_yaml crate instead works. Playground. Running the same snippet with serde_yml on my local machine gives the following panic:
thread 'main' panicked at /home/masterusr/.cargo/registry/src/index.crates.io-6f17d22bba15001f/libyml-0.0.5/src/scanner.rs:2798:17:
String join would overflow memory bounds
If I replace the escaped \ns in the yaml file with real line breaks, the code compiles fine. This looks like a bug in the serde_yml crate to me and I believe you should open an issue with them... or not, given that they disabled their issues on GitHub. Edit: re-reading your post I see that you already looked at that option.
The repository you filed that bug report in is for the crates.io website itself, not for projects listed on crates.io. The developers there have no involvement with serde-yml.