RubyGems - json - Versions diffs - 2.15.1 → 2.15.2.1 - Mend

json 2.15.1 → 2.15.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGES.md +9 -0
data/ext/json/ext/generator/generator.c +34 -5
data/ext/json/ext/parser/parser.c +19 -7
data/lib/json/truffle_ruby/generator.rb +5 -1
data/lib/json/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 981ed5b9d1d88ec48021ed8ab7757ab595dbb2bb5a16e9b3595dc4aae5c1f193
-  data.tar.gz: 1fc86464fa02dead5539e47dc37c3dcb3d068707ee8d1e32c574893e1bb702de
+  metadata.gz: e0a73f62257d521165faeb372eafe66beb01fe47b4790256840f4316aa762510
+  data.tar.gz: 135d0b30fd72cd54b91b84050fe86a67b1aaf909f2024f5a545288cfbe3a2088
 SHA512:
-  metadata.gz: c06d2e27a811c7b2368ed364f1fd72c0423922094ed29ec0de07a75db7aa53d3f2662aa80220f6d094fe39400603d2919b97308010fcc5c0efab86307089848b
-  data.tar.gz: c032759c67a721b378518dd3c555e4e1c3f1ca34ff00f1bb21a2f136b626399efdd9c5a701aa018c3c9d5da050d0c110ee98e29853d4949db125f524fad1fdae
+  metadata.gz: d51c8d7de86d2581845d73638053da3f7c5aea014da4a960630fd78bba234647e37b301dec74f93069cc584d7f2495a394dc4a5d5514f543dee195413a863ebf
+  data.tar.gz: 3a871434b7427979f6c860e7ec33772ff61ddd0d272ac40de51fc887a14f50e65653d70b8276b2b535870a20801d7e6c2068b6f5bfb68293fc0e0de3a82aa729

data/CHANGES.md CHANGED Viewed

@@ -2,6 +2,15 @@
 ### Unreleased
+### 2026-03-18 (2.15.2.1)
+* Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false).
+### 2025-10-25 (2.15.2)
+* Fix `JSON::Coder` to have one dedicated depth counter per invocation.
+  After encountering a circular reference in `JSON::Coder#dump`, any further `#dump` call would raise `JSON::NestingError`.
 ### 2025-10-07 (2.15.1)
 * Fix incorrect escaping in the JRuby extension when encoding shared strings.

data/ext/json/ext/generator/generator.c CHANGED Viewed

@@ -1124,7 +1124,7 @@ static inline long increase_depth(struct generate_json_data *data)
     JSON_Generator_State *state = data->state;
     long depth = ++state->depth;
     if (RB_UNLIKELY(depth > state->max_nesting && state->max_nesting)) {
-        rb_raise(eNestingError, "nesting of %ld is too deep", --state->depth);
+        rb_raise(eNestingError, "nesting of %ld is too deep. Did you try to serialize objects with circular references?", --state->depth);
     }
     return depth;
 }
@@ -1491,10 +1491,39 @@ static VALUE cState_generate(int argc, VALUE *argv, VALUE self)
     rb_check_arity(argc, 1, 2);
     VALUE obj = argv[0];
     VALUE io = argc > 1 ? argv[1] : Qnil;
-    VALUE result = cState_partial_generate(self, obj, generate_json, io);
+    return cState_partial_generate(self, obj, generate_json, io);
+}
+static VALUE cState_generate_new(int argc, VALUE *argv, VALUE self)
+{
+    rb_check_arity(argc, 1, 2);
+    VALUE obj = argv[0];
+    VALUE io = argc > 1 ? argv[1] : Qnil;
     GET_STATE(self);
-    (void)state;
-    return result;
+    JSON_Generator_State new_state;
+    MEMCPY(&new_state, state, JSON_Generator_State, 1);
+    // FIXME: depth shouldn't be part of JSON_Generator_State, as that prevents it from being used concurrently.
+    new_state.depth = 0;
+    char stack_buffer[FBUFFER_STACK_SIZE];
+    FBuffer buffer = {
+        .io = RTEST(io) ? io : Qfalse,
+    };
+    fbuffer_stack_init(&buffer, state->buffer_initial_length, stack_buffer, FBUFFER_STACK_SIZE);
+    struct generate_json_data data = {
+        .buffer = &buffer,
+        .vstate = Qfalse,
+        .state = &new_state,
+        .obj = obj,
+        .func = generate_json
+    };
+    rb_rescue(generate_json_try, (VALUE)&data, generate_json_rescue, (VALUE)&data);
+    return fbuffer_finalize(&buffer);
 }
 static VALUE cState_initialize(int argc, VALUE *argv, VALUE self)
@@ -2072,7 +2101,7 @@ void Init_generator(void)
     rb_define_method(cState, "buffer_initial_length", cState_buffer_initial_length, 0);
     rb_define_method(cState, "buffer_initial_length=", cState_buffer_initial_length_set, 1);
     rb_define_method(cState, "generate", cState_generate, -1);
-    rb_define_alias(cState, "generate_new", "generate"); // :nodoc:
+    rb_define_method(cState, "generate_new", cState_generate_new, -1); // :nodoc:
     rb_define_private_method(cState, "allow_duplicate_key?", cState_allow_duplicate_key_p, 0);

data/ext/json/ext/parser/parser.c CHANGED Viewed

@@ -428,14 +428,9 @@ static void emit_parse_warning(const char *message, JSON_ParserState *state)
 #define PARSE_ERROR_FRAGMENT_LEN 32
-#ifdef RBIMPL_ATTR_NORETURN
-RBIMPL_ATTR_NORETURN()
-#endif
-static void raise_parse_error(const char *format, JSON_ParserState *state)
+static VALUE build_parse_error_message(const char *format, JSON_ParserState *state, long line, long column)
 {
     unsigned char buffer[PARSE_ERROR_FRAGMENT_LEN + 3];
-    long line, column;
-    cursor_position(state, &line, &column);
     const char *ptr = "EOF";
     if (state->cursor && state->cursor < state->end) {
@@ -470,11 +465,23 @@ static void raise_parse_error(const char *format, JSON_ParserState *state)
     VALUE msg = rb_sprintf(format, ptr);
     VALUE message = rb_enc_sprintf(enc_utf8, "%s at line %ld column %ld", RSTRING_PTR(msg), line, column);
     RB_GC_GUARD(msg);
+    return message;
+}
+static VALUE parse_error_new(VALUE message, long line, long column)
+{
     VALUE exc = rb_exc_new_str(rb_path2class("JSON::ParserError"), message);
     rb_ivar_set(exc, rb_intern("@line"), LONG2NUM(line));
     rb_ivar_set(exc, rb_intern("@column"), LONG2NUM(column));
-    rb_exc_raise(exc);
+    return exc;
+}
+NORETURN(static) void raise_parse_error(const char *format, JSON_ParserState *state)
+{
+    long line, column;
+    cursor_position(state, &line, &column);
+    VALUE message = build_parse_error_message(format, state, line, column);
+    rb_exc_raise(parse_error_new(message, line, column));
 }
 #ifdef RBIMPL_ATTR_NORETURN
@@ -875,6 +882,11 @@ static void raise_duplicate_key_error(JSON_ParserState *state, VALUE duplicate_k
         rb_inspect(duplicate_key)
     );
+    long line, column;
+    cursor_position(state, &line, &column);
+    rb_str_concat(message, build_parse_error_message("", state, line, column)) ;
+    rb_exc_raise(parse_error_new(message, line, column));
     raise_parse_error(RSTRING_PTR(message), state);
     RB_GC_GUARD(message);
 }

data/lib/json/truffle_ruby/generator.rb CHANGED Viewed

@@ -212,7 +212,7 @@ module JSON
           return if @max_nesting.zero?
           current_nesting = depth + 1
           current_nesting > @max_nesting and
-            raise NestingError, "nesting of #{current_nesting} is too deep"
+            raise NestingError, "nesting of #{current_nesting} is too deep. Did you try to serialize objects with circular references?"
         end
         # Returns true, if circular data structures are checked,
@@ -347,6 +347,10 @@ module JSON
           dup.generate(obj, anIO)
         end
+        private def initialize_copy(_orig)
+          @depth = 0
+        end
         # Handles @allow_nan, @buffer_initial_length, other ivars must be the default value (see above)
         private def generate_json(obj, buf)
           case obj

data/lib/json/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module JSON
-  VERSION = '2.15.1'
+  VERSION = '2.15.2.1'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-  version: 2.15.1
+  version: 2.15.2.1
 platform: ruby
 authors:
 - Florian Frank
@@ -82,7 +82,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 4.0.3
 specification_version: 4
 summary: JSON Implementation for Ruby
 test_files: []