json-repair 0.11.2 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d7b2f30c2451f62471beabed342ff8360f644e4ae703fa3e0f5490e44d4f0d1
-  data.tar.gz: 254abaa4ab104a0cc6650d02f099ebb00b0600ef213b00866da266159b6c1a37
+  metadata.gz: aef10e86ea82fb56d9666ad7470317cf751f00730ef51910094ce8b2ee876a53
+  data.tar.gz: 682f0cdacc02896687e6c39e534f92f0beda52110679da8b7b7f43721aa6c2a4
 SHA512:
-  metadata.gz: bfd417574888a7ff44a03870f48ab6e02c7bb7ae80189262e093425ba52e3943982f6ab36170c1cac6a3871e3d3379469b8319bbaa6defe8a0d473a7be6fe2a9
-  data.tar.gz: 208611ef2a09d4e3a5c91afe98334dfc7443a3db56de9624cfa82a3dea1e0c0480de18227646a96dac3c46f64af526e229f70dd9de4cd41cc1160a703b132a0b
+  metadata.gz: 572225e5c09ac6ab7795d21d179e9ac07bc2c3bffedb5f1df48afa5a33ab8a73923af90429730532a822f3a78004181f3a9d2d7a2bddf17b9b649819b169ec65
+  data.tar.gz: a62311d2002b538b81132f6efb8525e6c6801baaa5a8f9eac020abbc2726e5ed783ee2719aeed9dc77301492f869f79deb807b9eee74f3a56e0a37d4712b7279

data/CHANGELOG.md

@@ -1,5 +1,59 @@
 # Changes
 
+### 2026-06-12 (0.12.0)
+
+* Repair the three known input families that raised `Internal error:
+  repaired output is not valid JSON` — cases where upstream
+  [jsonrepair](https://github.com/josdejong/jsonrepair) (v3.14.0, still
+  its latest release) emits invalid JSON and this gem's canonical
+  re-serialize guard caught it but blamed the Repairer. All three are
+  deliberate divergences from upstream, commented at each site:
+  * A stray `e`/`E` with no mantissa is now an unquoted string instead
+    of an empty-mantissa exponent: `[e]` → `["e"]`, `[e5]` → `["e5"]`,
+    `[truee]` → `[true,"e"]`, `{"k": e}` → `{"k":"e"}` (upstream emits
+    `e0` / raw `e5`). Numbers truncated at a real exponent (`[2e]` →
+    `[2.0]`) are unchanged.
+  * Negative leading-zero numbers are quoted like positive ones:
+    `{"n": -05}` → `{"n":"-05"}`, matching the existing `{"n": 05}` →
+    `{"n":"05"}` (upstream emits `-05` unrepaired). The same rule now
+    also covers the truncated-number repair, which bypassed it:
+    `[05e]` → `["05e0"]`, `00.` → `"00.0"` (upstream emits `05e0` /
+    `00.0` unrepaired). Valid `-0` / `-0.5` / `0e` / `0.` are
+    unchanged.
+  * The trailing-comma repair no longer strips a comma belonging to the
+    enclosing container when an inner object/array fails on its first
+    key or value: `[{{]` → `[{},{}]`, `[1,[}]` → `[1,[]]`,
+    `{"a": 1, "b": [}` → `{"a":1,"b":[]}` (upstream emits `[{}{}]`,
+    `[1[]]`, `{"a": 1 "b": []}`).
+  Validated by differential testing against upstream over a 270-input
+  grid of these shapes in every container context: the only behavior
+  changes vs 0.11.3 are the 123 previously-`Internal error` inputs now
+  repairing (or, for `e+` shapes where upstream emits invalid `e+0`,
+  raising a clean position-bearing error). Benchmarks flat.
+
+### 2026-06-12 (0.11.3)
+
+* Fix infinite recursion (`SystemStackError`) on a quoted string
+  followed by a backslash-escaped delimiter, like `["y"\, "z"]`. The
+  missing-end-quote retry in `parse_string` stops at the comma it
+  detected in the first pass, but the invalid-escape repair consumed
+  `\,` as one two-character step, jumping over the stop index and
+  re-firing the retry with identical arguments forever — violating the
+  contract that `JSONRepairError` is the only error raised. The escaped
+  delimiter now ends the string there and the dangling backslash is
+  dropped (the standard invalid-escape repair): `["y"\, "z"]` →
+  `["y\"","z"]`. The stop-index check is also hardened from `==` to
+  `>=` so no future multi-character advance can step over it and
+  recurse. Deliberate divergence from upstream
+  [jsonrepair](https://github.com/josdejong/jsonrepair), which crashes
+  with "Maximum call stack size exceeded" on the same input as of
+  v3.14.0 (still its latest release). Found by differential fuzzing
+  during the 0.11.2 work and re-validated the same way: across a
+  240-input grid of escape-adjacent shapes, only previously-crashing
+  inputs changed behavior — object shapes like `{"k": "y"\, "z"}` now
+  raise the same "Colon expected" as their backslash-free analog
+  `{"k": "y", "z"}`. Benchmarks flat vs 0.11.2.
+
 ### 2026-06-12 (0.11.2)
 
 * Fix the 0.11.0 doubled-colon repair silently mangling objects with a

data/lib/json/repair/version.rb

@@ -2,6 +2,6 @@
 
 module JSON
   module Repair
-    VERSION = '0.11.2'
+    VERSION = '0.12.0'
   end
 end

data/lib/json/repairer.rb

@@ -237,6 +237,7 @@ module JSON
 
       initial = true
       while @index < @json.length && @json[@index] != CLOSING_BRACE
+        first_pair = initial
         if initial
           initial = false
         else
@@ -255,8 +256,12 @@ module JSON
           if @json[@index] == CLOSING_BRACE || @json[@index] == OPENING_BRACE ||
              @json[@index] == CLOSING_BRACKET || @json[@index] == OPENING_BRACKET ||
              @json[@index].nil?
-            # repair trailing comma
-            @output = strip_last_occurrence(@output, ',')
+            # repair trailing comma — but only the one this object's own loop
+            # emitted or inserted; on the first pair the buffer's last
+            # comma belongs to the enclosing container, like in [{{] or
+            # {"a": 1, "b": {] (divergence from upstream, which strips
+            # the parent's comma and emits invalid JSON like [{}{}])
+            @output = strip_last_occurrence(@output, ',') unless first_pair
           else
             throw_object_key_expected
           end
@@ -463,7 +468,13 @@ module JSON
           return true
         end
 
-        if @index == stop_at_index
+        # >= with a sentinel guard, not ==. Divergence from upstream (which
+        # compares with == as of v3.14.0): a multi-character advance below
+        # can step over the stop index, and resuming the comma-path retry
+        # from beyond it would re-fire that retry with identical arguments
+        # forever. The invalid-escape repair below avoids the only known
+        # overshoot; this is the backstop guaranteeing termination.
+        if stop_at_index >= 0 && @index >= stop_at_index
           # use the stop index detected in the first iteration, and repair end quote
           str = insert_before_last_whitespace(str, '"')
           @output << str
@@ -569,6 +580,15 @@ module JSON
             # repair a backslash escaped newline (like in Bash scripts)
             str << '\n'
             @index += 2
+          elsif @index + 1 == stop_at_index
+            # repair invalid escape character: remove it — but the escaped
+            # character is the delimiter the comma-path retry said to stop
+            # at, so drop only the backslash and let the stop check above
+            # fire there, keeping the delimiter a delimiter. Divergence
+            # from upstream, which consumes both characters, jumps the stop
+            # index, and crashes ("Maximum call stack size exceeded" on
+            # inputs like `["y"\, "z"]` as of v3.14.0).
+            @index += 1
           else
             # repair invalid escape character: remove it
             str << char
@@ -723,7 +743,13 @@ module JSON
         @index += 1 while digit?(@json[@index])
       end
 
-      if @json[@index] && @json[@index].downcase == 'e'
+      # Divergence from upstream: only enter the exponent branch when a
+      # mantissa was consumed — at this point @index > start implies at
+      # least one digit (the '-' and '.' paths reset otherwise). Upstream
+      # accepts a bare "e"/"E" here and emits invalid JSON like `e0` or
+      # raw `e5`; declining lets the token fall through to
+      # parse_unquoted_string, matching how "-e5" already becomes "-e5".
+      if @index > start && @json[@index] && @json[@index].downcase == 'e'
         @index += 1
         @index += 1 if ['-', '+'].include?(@json[@index])
         if at_end_of_number?
@@ -746,7 +772,9 @@ module JSON
       if @index > start
         # repair a number with leading zeros like "00789"
         num = @json[start...@index]
-        has_invalid_leading_zero = num.match?(/^0\d/)
+        # the optional sign quotes "-05" like "05" (divergence from
+        # upstream, whose unsigned check lets "-05" through unrepaired)
+        has_invalid_leading_zero = num.match?(/^-?0\d/)
 
         @output << (has_invalid_leading_zero ? "\"#{num}\"" : repair_leading_dot_number(num))
         return true
@@ -771,6 +799,7 @@ module JSON
 
         initial = true
         while @index < @json.length && @json[@index] != CLOSING_BRACKET
+          first_item = initial
           if initial
             initial = false
           else
@@ -784,8 +813,12 @@ module JSON
           processed_value = parse_value
           next if processed_value
 
-          # repair trailing comma
-          @output = strip_last_occurrence(@output, ',')
+          # repair trailing comma — but only the one this array's own loop
+          # emitted or inserted; on the first item the buffer's last
+          # comma belongs to the enclosing container, like in [1,[}] or
+          # {"a": 1, "b": [} (divergence from upstream, which strips
+          # the parent's comma and emits invalid JSON like [1[]])
+          @output = strip_last_occurrence(@output, ',') unless first_item
           break
         end
 
@@ -844,7 +877,11 @@ module JSON
       # repair numbers cut off at the end
       # this will only be called when we end after a '.', '-', or 'e' and does not
       # change the number more than it needs to make it valid JSON
-      @output << repair_leading_dot_number("#{@json[start...@index]}0")
+      num = "#{@json[start...@index]}0"
+      # quote a padded token that has an invalid leading zero, like "05e" ->
+      # "05e0", applying the same rule as the end of parse_number (divergence
+      # from upstream, which emits the invalid number raw)
+      @output << (num.match?(/^-?0\d/) ? "\"#{num}\"" : repair_leading_dot_number(num))
     end
 
     # Repair a number missing its digit before the decimal point, like ".5"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: json-repair
 version: !ruby/object:Gem::Version
-  version: 0.11.2
+  version: 0.12.0
 platform: ruby
 authors:
 - Aleksandr Zykov