`NumberFormatException` from SnakeYAML due to int overflow for corrupt YAML version

[cowtowncoder]

(note: found by OSS-Fuzz -> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56902)

Looks like SnakeYAML's YAML directive handling assumes (not unreasonably) that the YAML version should be (or consist of) regular ints. But if input is crafted to have number bigger than 32-bit int, there's a NumberFormatException.
Input OSS-Fuzz generated is:

%YAML 1.9224775801

[cowtowncoder]

@asomov Here's the last open OSS-Fuzz found problem; forgot to follow up on this earlier. I would create an issue at bitbucket but I think project/issues are still locked, so I hope this is enough information?

I will check in Jackson-side reproduction next.

[asomov]

@cowtowncoder I will create an issue and let you know the progress

[asomov]

@cowtowncoder it will be delivered in version 2.1
https://bitbucket.org/snakeyaml/snakeyaml/pull-requests/60

https://bitbucket.org/snakeyaml/snakeyaml/issues/1061/numberformatexception-from-snakeyaml-due

[cowtowncoder]

Excellent @asomov thank you!

[cowtowncoder]

Fixed via #426 for 2.15(.3)

[cowtowncoder]

@asomov With SnakeYAML 2.1, this was fixed for Jackson 2.x. But it looks like snakeyaml-engine 2.6 has the same issue?
This from looking at Jackson YAML format modules failing test. (FuzzYAMLRead_406_56902Test)

[asomov]

@cowtowncoder SnakeYAML Engine 2.7 released with the fix