json 2.17.0 → 2.17.1.2
- checksums.yaml +4 -4
- data/CHANGES.md +8 -0
- data/ext/json/ext/parser/parser.c +22 -8
- data/lib/json/version.rb +1 -1
- metadata +2 -2
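--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a9a3645975d3e5df1aee69354bb7cefe81940009e677758de0f52617e82e871
+data.tar.gz: 4dfdd1d03081d3a714798c7f9ac89d58285b9d6f7aa82edd430d6118120faad2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 85cce8ba1edd888d298eebf4279c3381dbbe103b48f59a998db05026028b388317c39fc3c306d32f3e0ada010f0cdff42c978c1173b0af90c93e42d16e78246f
+data.tar.gz: 8dd8ecf39713290c9fbaf0d1d574636e7c8392252edd7accd4fb2d0bf679f7eeb89efdd099e3d20a57df91ff96bf7bf0b30338d71a22f7cf666799713a3dd3e3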
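--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -2,6 +2,14 @@
 
 ### Unreleased
 
+### 2026-03-18 (2.17.1.2)
+
+* Fix a format string injection vulnerability in JSON.parse(doc, allow_duplicate_key: false).
+
+### 2025-12-04 (2.17.1)
+
+* Fix a regression in parsing of unicode surogate pairs (`\uXX\uXX`) that could cause an invalid string to be returned.
+
 ### 2025-12-03 (2.17.0)
 
 * Improve `JSON.load` and `JSON.unsafe_load` to allow passing options as second argument.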
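--- a/data/ext/json/ext/parser/parser.c
+++ b/data/ext/json/ext/parser/parser.c
@@ -399,14 +399,9 @@ static void emit_parse_warning(const char *message, JSON_ParserState *state)
 
 #define PARSE_ERROR_FRAGMENT_LEN 32
 
-
-RBIMPL_ATTR_NORETURN()
-#endif
-static void raise_parse_error(const char *format, JSON_ParserState *state)
+static VALUE build_parse_error_message(const char *format, JSON_ParserState *state, long line, long column)
 {
 unsigned char buffer[PARSE_ERROR_FRAGMENT_LEN + 3];
-long line, column;
-cursor_position(state, &line, &column);
 
 const char *ptr = "EOF";
 if (state->cursor && state->cursor < state->end) {
@@ -441,11 +436,23 @@ static void raise_parse_error(const char *format, JSON_ParserState *state)
 VALUE msg = rb_sprintf(format, ptr);
 VALUE message = rb_enc_sprintf(enc_utf8, "%s at line %ld column %ld", RSTRING_PTR(msg), line, column);
 RB_GC_GUARD(msg);
+return message;
+}
 
+static VALUE parse_error_new(VALUE message, long line, long column)
+{
 VALUE exc = rb_exc_new_str(rb_path2class("JSON::ParserError"), message);
 rb_ivar_set(exc, rb_intern("@line"), LONG2NUM(line));
 rb_ivar_set(exc, rb_intern("@column"), LONG2NUM(column));
-
+return exc;
+}
+
+NORETURN(static) void raise_parse_error(const char *format, JSON_ParserState *state)
+{
+long line, column;
+cursor_position(state, &line, &column);
+VALUE message = build_parse_error_message(format, state, line, column);
+rb_exc_raise(parse_error_new(message, line, column));
 }
 
 #ifdef RBIMPL_ATTR_NORETURN
@@ -651,7 +658,9 @@ static inline const char *json_next_backslash(const char *pe, const char *string
 positions->size--;
 const char *next_position = positions->positions[0];
 positions->positions++;
-
+if (next_position >= pe) {
+return next_position;
+}
 }
 
 if (positions->has_more) {
@@ -887,6 +896,11 @@ static void raise_duplicate_key_error(JSON_ParserState *state, VALUE duplicate_k
 rb_inspect(duplicate_key)
 );
 
+long line, column;
+cursor_position(state, &line, &column);
+rb_str_concat(message, build_parse_error_message("", state, line, column)) ;
+rb_exc_raise(parse_error_new(message, line, column));
+
 raise_parse_error(RSTRING_PTR(message), state);
 RB_GC_GUARD(message);
 }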
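Review bot: The old call `raise_parse_error(RSTRING_PTR(message), state);` is still present at the end of raise_duplicate_key_error, directly after the new `rb_exc_raise(parse_error_new(message, line, column));`. It is unreachable as long as rb_exc_raise does not return, but it is the call that passes a string built from `rb_inspect(duplicate_key)` into a parameter that ends up as the format of `rb_sprintf(format, ptr)`, so it should be deleted rather than left as dead code that a later reordering could bring back to life. build_parse_error_message still forwards a non-literal `format` to rb_sprintf, so I would also put a contract comment above it, for example `/* format must be a string literal with at most one %s; never pass parsed input */`. The start of raise_duplicate_key_error lies outside the hunk, so the construction of `message` is only partly visible here.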
data/lib/json/version.rb
CHANGED
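--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-version: 2.17.
+version: 2.17.1.2
 platform: ruby
 authors:
 - Florian Frank
@@ -84,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: JSON Implementation for Ruby
 test_files: []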