json 2.18.1 → 2.19.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb2890db4c527125d27bc7c21fc64d3ac532ffbec8080f89a678daf48c36e09e
-  data.tar.gz: c4b37d085d05d3c43df97b3c24898dc6be61c76ba64c749b5a8a86bf4fc1198d
+  metadata.gz: 0bbb85e1521c171ca73ab935cc00899ff3eb7086921a64542a3937fa9589848d
+  data.tar.gz: 328853f7f164d91522d6791a51cca5ccb3ae418410752a3fb72189bc14c157d5
 SHA512:
-  metadata.gz: fb55ef5a0aa6961ef0fe3bb30f398834820357045ad27a8fdb7e53eaba3af7c4d356ef26c0e73b7a87d2d9d51e500eae7193d7d1ae3aa1058c7973bcc462674b
-  data.tar.gz: bfb499789bbcee7f5f8d67e32ded664dc62c632ae39fe80bf4bff3d6aec16eee3730a7c4883216a393326f2ab33e94e5f9c58da4c5b31627347108c36c2b211c
+  metadata.gz: 326b0621e562eebc66f155cee358ca295dde7584e7f60268a354da3e8a1a02e13bfcd9fef7f9b2f9f2ea196987b07bb9e50578347231f14d9fb0e863ac9445ac
+  data.tar.gz: 0e9e2ab4c91b5544ac8440613a0fd63aab2f7b7ce5a39f41e786af736e80ca28de8d3388057134dde05ba53f4f150d24aa1a8cde92dac82abbb4104740409631

data/CHANGES.md

@@ -2,6 +2,31 @@
 
 ### Unreleased
 
+### 2026-05-04 (2.19.5)
+
+* Cap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.
+
+### 2026-04-19 (2.19.4)
+
+* Fix parsing of out of range floats (very large exponents that lead to either `0.0` or `Inf`).
+
+### 2026-03-25 (2.19.3)
+
+* Fix handling of unescaped control characters preceeded by a backslash.
+
+### 2026-03-18 (2.19.2)
+
+* Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
+
+### 2026-03-08 (2.19.1)
+
+* Fix a compiler dependent GC bug introduced in `2.18.0`.
+
+### 2026-03-06 (2.19.0)
+
+* Fix `allow_blank` parsing option to no longer allow invalid types (e.g. `load([], allow_blank: true)` now raise a type error).
+* Add `allow_invalid_escape` parsing option to ignore backslashes that aren't followed by one of the valid escape characters.
+
 ### 2026-02-03 (2.18.1)
 
 * Fix a potential crash in very specific circumstance if GC triggers during a call to `to_json`
@@ -11,6 +36,10 @@
 
 * Add `:allow_control_characters` parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).
 
+### 2026-03-18 (2.17.1.2) - Security Backport
+
+* Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
+
 ### 2025-12-04 (2.17.1)
 
 * Fix a regression in parsing of unicode surogate pairs (`\uXX\uXX`) that could cause an invalid string to be returned.
@@ -37,6 +66,10 @@
 * Optimized numbers parsing using SWAR (thanks to Scott Myron).
 * Optimized parsing of pretty printed documents using SWAR (thanks to Scott Myron).
 
+### 2026-03-18 (2.15.2.1) - Security Backport
+
+* Fix a format string injection vulnerability in `JSON.parse(doc, allow_duplicate_key: false)`. `CVE-2026-33210`.
+
 ### 2025-10-25 (2.15.2)
 
 * Fix `JSON::Coder` to have one dedicated depth counter per invocation.

data/ext/json/ext/fbuffer/fbuffer.h

@@ -11,11 +11,11 @@ enum fbuffer_type {
 
 typedef struct FBufferStruct {
     enum fbuffer_type type;
-    unsigned long initial_length;
-    unsigned long len;
-    unsigned long capa;
+    size_t initial_length;
+    size_t len;
+    size_t capa;
 #if JSON_DEBUG
-    unsigned long requested;
+    size_t requested;
 #endif
     char *ptr;
     VALUE io;
@@ -32,12 +32,12 @@ typedef struct FBufferStruct {
 
 static void fbuffer_free(FBuffer *fb);
 static void fbuffer_clear(FBuffer *fb);
-static void fbuffer_append(FBuffer *fb, const char *newstr, unsigned long len);
+static void fbuffer_append(FBuffer *fb, const char *newstr, size_t len);
 static void fbuffer_append_long(FBuffer *fb, long number);
 static inline void fbuffer_append_char(FBuffer *fb, char newchr);
 static VALUE fbuffer_finalize(FBuffer *fb);
 
-static void fbuffer_stack_init(FBuffer *fb, unsigned long initial_length, char *stack_buffer, long stack_buffer_size)
+static void fbuffer_stack_init(FBuffer *fb, size_t initial_length, char *stack_buffer, size_t stack_buffer_size)
 {
     fb->initial_length = (initial_length > 0) ? initial_length : FBUFFER_INITIAL_LENGTH_DEFAULT;
     if (stack_buffer) {
@@ -50,7 +50,7 @@ static void fbuffer_stack_init(FBuffer *fb, unsigned long initial_length, char *
 #endif
 }
 
-static inline void fbuffer_consumed(FBuffer *fb, unsigned long consumed)
+static inline void fbuffer_consumed(FBuffer *fb, size_t consumed)
 {
 #if JSON_DEBUG
     if (consumed > fb->requested) {
@@ -79,7 +79,7 @@ static void fbuffer_flush(FBuffer *fb)
     fbuffer_clear(fb);
 }
 
-static void fbuffer_realloc(FBuffer *fb, unsigned long required)
+static void fbuffer_realloc(FBuffer *fb, size_t required)
 {
     if (required > fb->capa) {
         if (fb->type == FBUFFER_STACK_ALLOCATED) {
@@ -94,7 +94,7 @@ static void fbuffer_realloc(FBuffer *fb, unsigned long required)
     }
 }
 
-static void fbuffer_do_inc_capa(FBuffer *fb, unsigned long requested)
+static void fbuffer_do_inc_capa(FBuffer *fb, size_t requested)
 {
     if (RB_UNLIKELY(fb->io)) {
         if (fb->capa < FBUFFER_IO_BUFFER_SIZE) {
@@ -108,7 +108,7 @@ static void fbuffer_do_inc_capa(FBuffer *fb, unsigned long requested)
         }
     }
 
-    unsigned long required;
+    size_t required;
 
     if (RB_UNLIKELY(!fb->ptr)) {
         fb->ptr = ALLOC_N(char, fb->initial_length);
@@ -120,7 +120,7 @@ static void fbuffer_do_inc_capa(FBuffer *fb, unsigned long requested)
     fbuffer_realloc(fb, required);
 }
 
-static inline void fbuffer_inc_capa(FBuffer *fb, unsigned long requested)
+static inline void fbuffer_inc_capa(FBuffer *fb, size_t requested)
 {
 #if JSON_DEBUG
     fb->requested = requested;
@@ -131,13 +131,13 @@ static inline void fbuffer_inc_capa(FBuffer *fb, unsigned long requested)
     }
 }
 
-static inline void fbuffer_append_reserved(FBuffer *fb, const char *newstr, unsigned long len)
+static inline void fbuffer_append_reserved(FBuffer *fb, const char *newstr, size_t len)
 {
     MEMCPY(fb->ptr + fb->len, newstr, char, len);
     fbuffer_consumed(fb, len);
 }
 
-static inline void fbuffer_append(FBuffer *fb, const char *newstr, unsigned long len)
+static inline void fbuffer_append(FBuffer *fb, const char *newstr, size_t len)
 {
     if (len > 0) {
         fbuffer_inc_capa(fb, len);
@@ -162,16 +162,17 @@ static inline void fbuffer_append_reserved_char(FBuffer *fb, char chr)
 static void fbuffer_append_str(FBuffer *fb, VALUE str)
 {
     const char *ptr;
-    unsigned long len;
+    size_t len;
     RSTRING_GETMEM(str, ptr, len);
 
     fbuffer_append(fb, ptr, len);
+    RB_GC_GUARD(str);
 }
 
 static void fbuffer_append_str_repeat(FBuffer *fb, VALUE str, size_t repeat)
 {
     const char *ptr;
-    unsigned long len;
+    size_t len;
     RSTRING_GETMEM(str, ptr, len);
 
     fbuffer_inc_capa(fb, repeat * len);
@@ -182,6 +183,7 @@ static void fbuffer_append_str_repeat(FBuffer *fb, VALUE str, size_t repeat)
         fbuffer_append_reserved(fb, ptr, len);
         repeat--;
     }
+    RB_GC_GUARD(str);
 }
 
 static inline void fbuffer_append_char(FBuffer *fb, char newchr)

data/ext/json/ext/generator/extconf.rb

@@ -5,6 +5,8 @@ if RUBY_ENGINE == 'truffleruby'
   File.write('Makefile', dummy_makefile("").join)
 else
   append_cflags("-std=c99")
+  have_const("RUBY_TYPED_EMBEDDABLE", "ruby.h") # RUBY_VERSION >= 3.3
+
   $defs << "-DJSON_GENERATOR"
   $defs << "-DJSON_DEBUG" if ENV.fetch("JSON_DEBUG", "0") != "0"