json 2.0.3 → 2.0.4
Potentially problematic release.
This version of json might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/VERSION +1 -1
- data/ext/json/ext/fbuffer/fbuffer.h +0 -3
- data/ext/json/ext/generator/generator.c +6 -6
- data/ext/json/ext/generator/generator.h +0 -1
- data/ext/json/ext/parser/parser.c +27 -19
- data/ext/json/ext/parser/parser.rl +10 -2
- data/json.gemspec +0 -0
- data/json_pure.gemspec +4 -4
- data/lib/json/version.rb +1 -1
- data/tests/json_encoding_test.rb +2 -0
- metadata +3 -3
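--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b03a4476559d2bfc44e9caeb97ff8330abe090c3
+data.tar.gz: 18c5c1c5311a254df4f512fa33866268185280e4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 28bf1fcbba82b0412226c6ba808d91427e19807aab30d7357d55e7004ce17c3673812ad5067d092d6b8039e77b0ea2006251fcb8a9590ed61bc87dc9364c21da
+data.tar.gz: 1a1a9702657ad711e48ee470485c5c6101e30ec05b4df6dd0b9d7d524f16f5f0c722f3b672a19e5a6fe9920c014fcb857f6dcfb416ac657cab91dd3bc228be37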
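--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,5 +1,10 @@
 # Changes
 
+## 2017-03-23 (2.0.4)
+* Raise exception for incomplete unicode surrogates/character escape
+sequences. This problem was reported by Daniel Gollahon (dgollahon).
+* Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+Sherif (ahmadsherif).
 
 ## 2017-01-12 (2.0.3)
 * Set `required_ruby_version` to 1.9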
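--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-2.0.
+2.0.4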
@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
|
|
308
308
|
char *result;
|
309
309
|
if (len <= 0) return NULL;
|
310
310
|
result = ALLOC_N(char, len);
|
311
|
-
|
311
|
+
memcpy(result, ptr, len);
|
312
312
|
return result;
|
313
313
|
}
|
314
314
|
|
@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
|
|
1062
1062
|
}
|
1063
1063
|
} else {
|
1064
1064
|
if (state->indent) ruby_xfree(state->indent);
|
1065
|
-
state->indent =
|
1065
|
+
state->indent = fstrndup(RSTRING_PTR(indent), len);
|
1066
1066
|
state->indent_len = len;
|
1067
1067
|
}
|
1068
1068
|
return Qnil;
|
@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
|
|
1100
1100
|
}
|
1101
1101
|
} else {
|
1102
1102
|
if (state->space) ruby_xfree(state->space);
|
1103
|
-
state->space =
|
1103
|
+
state->space = fstrndup(RSTRING_PTR(space), len);
|
1104
1104
|
state->space_len = len;
|
1105
1105
|
}
|
1106
1106
|
return Qnil;
|
@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
|
|
1136
1136
|
}
|
1137
1137
|
} else {
|
1138
1138
|
if (state->space_before) ruby_xfree(state->space_before);
|
1139
|
-
state->space_before =
|
1139
|
+
state->space_before = fstrndup(RSTRING_PTR(space_before), len);
|
1140
1140
|
state->space_before_len = len;
|
1141
1141
|
}
|
1142
1142
|
return Qnil;
|
@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
|
|
1173
1173
|
}
|
1174
1174
|
} else {
|
1175
1175
|
if (state->object_nl) ruby_xfree(state->object_nl);
|
1176
|
-
state->object_nl =
|
1176
|
+
state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
|
1177
1177
|
state->object_nl_len = len;
|
1178
1178
|
}
|
1179
1179
|
return Qnil;
|
@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
|
|
1208
1208
|
}
|
1209
1209
|
} else {
|
1210
1210
|
if (state->array_nl) ruby_xfree(state->array_nl);
|
1211
|
-
state->array_nl =
|
1211
|
+
state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
|
1212
1212
|
state->array_nl_len = len;
|
1213
1213
|
}
|
1214
1214
|
return Qnil;
|
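Review bot: In cState_indent_set the old buffer is released with `ruby_xfree(state->indent)` before `fstrndup` allocates the replacement, so if `ALLOC_N` raises on memory exhaustion (as Ruby's allocation wrappers normally do) `state->indent` is left pointing at freed memory while `indent_len` still holds the old length. Allocating first closes that window: `char *copy = fstrndup(RSTRING_PTR(indent), len); if (state->indent) ruby_xfree(state->indent); state->indent = copy;`. The same free-then-allocate order appears in the space, space_before, object_nl and array_nl setter hunks. fstrndup also returns a buffer with no terminator, and its `len <= 0` test on an `unsigned long` only ever catches zero, so a one-line comment there stating that readers must always use the stored `*_len` would help. The setters begin outside these hunks, so how `len` is derived is not visible here.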
@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
|
|
1435
1435
|
break;
|
1436
1436
|
case 'u':
|
1437
1437
|
if (pe > stringEnd - 4) {
|
1438
|
-
|
1438
|
+
rb_enc_raise(
|
1439
|
+
EXC_ENCODING eParserError,
|
1440
|
+
"%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
|
1441
|
+
);
|
1439
1442
|
} else {
|
1440
1443
|
UTF32 ch = unescape_unicode((unsigned char *) ++pe);
|
1441
1444
|
pe += 3;
|
1442
1445
|
if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
|
1443
1446
|
pe++;
|
1444
|
-
if (pe > stringEnd - 6)
|
1447
|
+
if (pe > stringEnd - 6) {
|
1448
|
+
rb_enc_raise(
|
1449
|
+
EXC_ENCODING eParserError,
|
1450
|
+
"%u: incomplete surrogate pair at '%s'", __LINE__, p
|
1451
|
+
);
|
1452
|
+
}
|
1445
1453
|
if (pe[0] == '\\' && pe[1] == 'u') {
|
1446
1454
|
UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
|
1447
1455
|
ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
|
@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
|
|
1471
1479
|
}
|
1472
1480
|
|
1473
1481
|
|
1474
|
-
#line
|
1482
|
+
#line 1483 "parser.c"
|
1475
1483
|
enum {JSON_string_start = 1};
|
1476
1484
|
enum {JSON_string_first_final = 8};
|
1477
1485
|
enum {JSON_string_error = 0};
|
@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
|
|
1479
1487
|
enum {JSON_string_en_main = 1};
|
1480
1488
|
|
1481
1489
|
|
1482
|
-
#line
|
1490
|
+
#line 512 "parser.rl"
|
1483
1491
|
|
1484
1492
|
|
1485
1493
|
static int
|
@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Parser *json, char *p, char *pe, VALUE *resu
|
|
1501
1509
|
|
1502
1510
|
*result = rb_str_buf_new(0);
|
1503
1511
|
|
1504
|
-
#line
|
1512
|
+
#line 1513 "parser.c"
|
1505
1513
|
{
|
1506
1514
|
cs = JSON_string_start;
|
1507
1515
|
}
|
1508
1516
|
|
1509
|
-
#line
|
1517
|
+
#line 533 "parser.rl"
|
1510
1518
|
json->memo = p;
|
1511
1519
|
|
1512
|
-
#line
|
1520
|
+
#line 1521 "parser.c"
|
1513
1521
|
{
|
1514
1522
|
if ( p == pe )
|
1515
1523
|
goto _test_eof;
|
@@ -1534,7 +1542,7 @@ case 2:
|
|
1534
1542
|
goto st0;
|
1535
1543
|
goto st2;
|
1536
1544
|
tr2:
|
1537
|
-
#line
|
1545
|
+
#line 498 "parser.rl"
|
1538
1546
|
{
|
1539
1547
|
*result = json_string_unescape(*result, json->memo + 1, p);
|
1540
1548
|
if (NIL_P(*result)) {
|
@@ -1545,14 +1553,14 @@ tr2:
|
|
1545
1553
|
{p = (( p + 1))-1;}
|
1546
1554
|
}
|
1547
1555
|
}
|
1548
|
-
#line
|
1556
|
+
#line 509 "parser.rl"
|
1549
1557
|
{ p--; {p++; cs = 8; goto _out;} }
|
1550
1558
|
goto st8;
|
1551
1559
|
st8:
|
1552
1560
|
if ( ++p == pe )
|
1553
1561
|
goto _test_eof8;
|
1554
1562
|
case 8:
|
1555
|
-
#line
|
1563
|
+
#line 1564 "parser.c"
|
1556
1564
|
goto st0;
|
1557
1565
|
st3:
|
1558
1566
|
if ( ++p == pe )
|
@@ -1628,7 +1636,7 @@ case 7:
|
|
1628
1636
|
_out: {}
|
1629
1637
|
}
|
1630
1638
|
|
1631
|
-
#line
|
1639
|
+
#line 535 "parser.rl"
|
1632
1640
|
|
1633
1641
|
if (json->create_additions && RTEST(match_string = json->match_string)) {
|
1634
1642
|
VALUE klass;
|
@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
|
|
1808
1816
|
}
|
1809
1817
|
|
1810
1818
|
|
1811
|
-
#line
|
1819
|
+
#line 1820 "parser.c"
|
1812
1820
|
enum {JSON_start = 1};
|
1813
1821
|
enum {JSON_first_final = 10};
|
1814
1822
|
enum {JSON_error = 0};
|
@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
|
|
1816
1824
|
enum {JSON_en_main = 1};
|
1817
1825
|
|
1818
1826
|
|
1819
|
-
#line
|
1827
|
+
#line 728 "parser.rl"
|
1820
1828
|
|
1821
1829
|
|
1822
1830
|
/*
|
@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
|
|
1833
1841
|
GET_PARSER;
|
1834
1842
|
|
1835
1843
|
|
1836
|
-
#line
|
1844
|
+
#line 1845 "parser.c"
|
1837
1845
|
{
|
1838
1846
|
cs = JSON_start;
|
1839
1847
|
}
|
1840
1848
|
|
1841
|
-
#line
|
1849
|
+
#line 744 "parser.rl"
|
1842
1850
|
p = json->source;
|
1843
1851
|
pe = p + json->len;
|
1844
1852
|
|
1845
|
-
#line
|
1853
|
+
#line 1854 "parser.c"
|
1846
1854
|
{
|
1847
1855
|
if ( p == pe )
|
1848
1856
|
goto _test_eof;
|
@@ -1876,7 +1884,7 @@ st0:
|
|
1876
1884
|
cs = 0;
|
1877
1885
|
goto _out;
|
1878
1886
|
tr2:
|
1879
|
-
#line
|
1887
|
+
#line 720 "parser.rl"
|
1880
1888
|
{
|
1881
1889
|
char *np = JSON_parse_value(json, p, pe, &result, 0);
|
1882
1890
|
if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
|
@@ -1886,7 +1894,7 @@ st10:
|
|
1886
1894
|
if ( ++p == pe )
|
1887
1895
|
goto _test_eof10;
|
1888
1896
|
case 10:
|
1889
|
-
#line
|
1897
|
+
#line 1898 "parser.c"
|
1890
1898
|
switch( (*p) ) {
|
1891
1899
|
case 13: goto st10;
|
1892
1900
|
case 32: goto st10;
|
@@ -1975,7 +1983,7 @@ case 9:
|
|
1975
1983
|
_out: {}
|
1976
1984
|
}
|
1977
1985
|
|
1978
|
-
#line
|
1986
|
+
#line 747 "parser.rl"
|
1979
1987
|
|
1980
1988
|
if (cs >= JSON_first_final && p == pe) {
|
1981
1989
|
return result;
|
@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE result, char *string, char *stringEnd)
|
|
446
446
|
break;
|
447
447
|
case 'u':
|
448
448
|
if (pe > stringEnd - 4) {
|
449
|
-
|
449
|
+
rb_enc_raise(
|
450
|
+
EXC_ENCODING eParserError,
|
451
|
+
"%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
|
452
|
+
);
|
450
453
|
} else {
|
451
454
|
UTF32 ch = unescape_unicode((unsigned char *) ++pe);
|
452
455
|
pe += 3;
|
453
456
|
if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
|
454
457
|
pe++;
|
455
|
-
if (pe > stringEnd - 6)
|
458
|
+
if (pe > stringEnd - 6) {
|
459
|
+
rb_enc_raise(
|
460
|
+
EXC_ENCODING eParserError,
|
461
|
+
"%u: incomplete surrogate pair at '%s'", __LINE__, p
|
462
|
+
);
|
463
|
+
}
|
456
464
|
if (pe[0] == '\\' && pe[1] == 'u') {
|
457
465
|
UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
|
458
466
|
ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
|
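Review bot: The first guard in the `case 'u':` branch, `if (pe > stringEnd - 4)`, still lets `pe == stringEnd - 4` through, and because `pe` sits on the `u` at that point, the four digits read from `++pe` then end at `stringEnd` itself, one byte past the string contents. If unescape_unicode consumes four bytes, as the following `pe += 3` suggests, an escape with only three hex digits is not reported as incomplete; `if (pe > stringEnd - 5) {` would bound the read exactly, the way the surrogate check below already bounds its six bytes. The identical condition is in the generated parser.c hunk and would follow once that file is regenerated. json_string_unescape starts and ends outside this hunk, so how non-hex digits are handled cannot be confirmed from here.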
data/json.gemspec
CHANGED
Binary file
|
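--- a/data/json_pure.gemspec
+++ b/data/json_pure.gemspec
@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: json_pure 2.0.
+# stub: json_pure 2.0.4 ruby lib
 
 Gem::Specification.new do |s|
 s.name = "json_pure".freeze
-s.version = "2.0.
+s.version = "2.0.4"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
 s.require_paths = ["lib".freeze]
 s.authors = ["Florian Frank".freeze]
-s.date = "2017-
+s.date = "2017-04-10"
 s.description = "This is a JSON implementation in pure Ruby.".freeze
 s.email = "flori@ping.de".freeze
 s.extra_rdoc_files = ["README.md".freeze]
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
 s.licenses = ["Ruby".freeze]
 s.rdoc_options = ["--title".freeze, "JSON implemention for ruby".freeze, "--main".freeze, "README.md".freeze]
 s.required_ruby_version = Gem::Requirement.new(">= 1.9".freeze)
-s.rubygems_version = "2.6.
+s.rubygems_version = "2.6.11".freeze
 s.summary = "JSON Implementation for Ruby".freeze
 s.test_files = ["./tests/test_helper.rb".freeze]
 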
data/lib/json/version.rb
CHANGED
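--- a/data/tests/json_encoding_test.rb
+++ b/data/tests/json_encoding_test.rb
@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::TestCase
 json = '["\ud840\udc01"]'
 assert_equal json, generate(utf8, :ascii_only => true)
 assert_equal utf8, parse(json)
+assert_raises(JSON::ParserError) { parse('"\u"') }
+assert_raises(JSON::ParserError) { parse('"\ud800"') }
 end
 
 def test_chars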
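Review bot: The two new assertions cover an escape with no digits and a lone high surrogate, but nothing pins the boundary of the length checks, where an escape is only partly complete. Adding `assert_raises(JSON::ParserError) { parse('"\u12"') }` and `assert_raises(JSON::ParserError) { parse('"\u123"') }` would show whether two- and three-digit escapes are rejected as well. The changelog's second entry (the heap exposure fix) gets no regression test in this section; a generator test that sets `indent` or `space` to a value with an embedded NUL byte and compares the output byte for byte would presumably guard it. The enclosing test method starts above this hunk.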
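--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.4
 platform: ruby
 authors:
 - Florian Frank
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -180,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: JSON Implementation for Ruby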