oj 3.16.17 → 3.17.3

data/ext/oj/parser.c

@@ -75,7 +75,7 @@ enum {
 
 /*
 0123456789abcdef0123456789abcdef */
-static const char value_map[257] = "\
+static const char value_map[258] = "\
 X........ab..a..................\
 a.i..........f..ghhhhhhhhh......\
 ...........................k.m..\
@@ -85,7 +85,7 @@ a.i..........f..ghhhhhhhhh......\
 ................................\
 ................................v";
 
-static const char null_map[257] = "\
+static const char null_map[258] = "\
 ................................\
 ............o...................\
 ................................\
@@ -95,7 +95,7 @@ static const char null_map[257] = "\
 ................................\
 ................................N";
 
-static const char true_map[257] = "\
+static const char true_map[258] = "\
 ................................\
 ............o...................\
 ................................\
@@ -105,7 +105,7 @@ static const char true_map[257] = "\
 ................................\
 ................................T";
 
-static const char false_map[257] = "\
+static const char false_map[258] = "\
 ................................\
 ............o...................\
 ................................\
@@ -115,7 +115,7 @@ static const char false_map[257] = "\
 ................................\
 ................................F";
 
-static const char comma_map[257] = "\
+static const char comma_map[258] = "\
 .........ab..a..................\
 a.i..........f..ghhhhhhhhh......\
 ...........................k....\
@@ -125,7 +125,7 @@ a.i..........f..ghhhhhhhhh......\
 ................................\
 ................................,";
 
-static const char after_map[257] = "\
+static const char after_map[258] = "\
 X........ab..a..................\
 a...........o...................\
 .............................m..\
@@ -135,7 +135,7 @@ a...........o...................\
 ................................\
 ................................a";
 
-static const char key1_map[257] = "\
+static const char key1_map[258] = "\
 .........ab..a..................\
 a.p.............................\
 ................................\
@@ -145,7 +145,7 @@ a.p.............................\
 ................................\
 ................................K";
 
-static const char key_map[257] = "\
+static const char key_map[258] = "\
 .........ab..a..................\
 a.p.............................\
 ................................\
@@ -155,7 +155,7 @@ a.p.............................\
 ................................\
 ................................k";
 
-static const char colon_map[257] = "\
+static const char colon_map[258] = "\
 .........ab..a..................\
 a.........................q.....\
 ................................\
@@ -165,7 +165,7 @@ a.........................q.....\
 ................................\
 ................................:";
 
-static const char neg_map[257] = "\
+static const char neg_map[258] = "\
 ................................\
 ................O---------......\
 ................................\
@@ -175,7 +175,7 @@ static const char neg_map[257] = "\
 ................................\
 ................................-";
 
-static const char zero_map[257] = "\
+static const char zero_map[258] = "\
 .........rs..r..................\
 r...........u.t.................\
 .............................H..\
@@ -185,7 +185,7 @@ r...........u.t.................\
 ................................\
 ................................0";
 
-static const char digit_map[257] = "\
+static const char digit_map[258] = "\
 .........rs..r..................\
 r...........u.t.NNNNNNNNNN......\
 .....w.......................H..\
@@ -195,7 +195,7 @@ r...........u.t.NNNNNNNNNN......\
 ................................\
 ................................d";
 
-static const char dot_map[257] = "\
+static const char dot_map[258] = "\
 ................................\
 ................vvvvvvvvvv......\
 ................................\
@@ -205,7 +205,7 @@ static const char dot_map[257] = "\
 ................................\
 .................................";
 
-static const char frac_map[257] = "\
+static const char frac_map[258] = "\
 .........rs..r..................\
 r...........u...vvvvvvvvvv......\
 .....w.......................H..\
@@ -215,7 +215,7 @@ r...........u...vvvvvvvvvv......\
 ................................\
 ................................f";
 
-static const char exp_sign_map[257] = "\
+static const char exp_sign_map[258] = "\
 ................................\
 ...........x.x..yyyyyyyyyy......\
 ................................\
@@ -225,7 +225,7 @@ static const char exp_sign_map[257] = "\
 ................................\
 ................................x";
 
-static const char exp_zero_map[257] = "\
+static const char exp_zero_map[258] = "\
 ................................\
 ................yyyyyyyyyy......\
 ................................\
@@ -235,7 +235,7 @@ static const char exp_zero_map[257] = "\
 ................................\
 ................................z";
 
-static const char exp_map[257] = "\
+static const char exp_map[258] = "\
 .........rs..r..................\
 r...........u...yyyyyyyyyy......\
 .............................H..\
@@ -245,7 +245,7 @@ r...........u...yyyyyyyyyy......\
 ................................\
 ................................X";
 
-static const char big_digit_map[257] = "\
+static const char big_digit_map[258] = "\
 .........rs..r..................\
 r...........u.D.CCCCCCCCCC......\
 .....J.......................H..\
@@ -255,7 +255,7 @@ r...........u.D.CCCCCCCCCC......\
 ................................\
 ................................D";
 
-static const char big_dot_map[257] = "\
+static const char big_dot_map[258] = "\
 ................................\
 ................IIIIIIIIII......\
 ................................\
@@ -265,7 +265,7 @@ static const char big_dot_map[257] = "\
 ................................\
 ................................o";
 
-static const char big_frac_map[257] = "\
+static const char big_frac_map[258] = "\
 .........rs..r..................\
 r...........u...IIIIIIIIII......\
 .....J.......................H..\
@@ -275,7 +275,7 @@ r...........u...IIIIIIIIII......\
 ................................\
 ................................g";
 
-static const char big_exp_sign_map[257] = "\
+static const char big_exp_sign_map[258] = "\
 ................................\
 ...........K.K..LLLLLLLLLL......\
 ................................\
@@ -285,7 +285,7 @@ static const char big_exp_sign_map[257] = "\
 ................................\
 ................................B";
 
-static const char big_exp_zero_map[257] = "\
+static const char big_exp_zero_map[258] = "\
 ................................\
 ................LLLLLLLLLL......\
 ................................\
@@ -295,7 +295,7 @@ static const char big_exp_zero_map[257] = "\
 ................................\
 ................................Z";
 
-static const char big_exp_map[257] = "\
+static const char big_exp_map[258] = "\
 .........rs..r..................\
 r...........u...LLLLLLLLLL......\
 .............................H..\
@@ -305,7 +305,7 @@ r...........u...LLLLLLLLLL......\
 ................................\
 ................................Y";
 
-static const char string_map[257] = "\
+static const char string_map[258] = "\
 ................................\
 RRzRRRRRRRRRRRRRRRRRRRRRRRRRRRRR\
 RRRRRRRRRRRRRRRRRRRRRRRRRRRRARRR\
@@ -315,7 +315,7 @@ RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR\
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM\
 PPPPPPPPPPPPPPPPQQQQQQQQ........s";
 
-static const char esc_map[257] = "\
+static const char esc_map[258] = "\
 ................................\
 ..B............B................\
 ............................B...\
@@ -325,7 +325,7 @@ static const char esc_map[257] = "\
 ................................\
 ................................~";
 
-static const char esc_byte_map[257] = "\
+static const char esc_byte_map[258] = "\
 ................................\
 ..\"............/................\
 ............................\\...\
@@ -335,7 +335,7 @@ static const char esc_byte_map[257] = "\
 ................................\
 ................................b";
 
-static const char u_map[257] = "\
+static const char u_map[258] = "\
 ................................\
 ................EEEEEEEEEE......\
 .EEEEEE.........................\
@@ -345,7 +345,7 @@ static const char u_map[257] = "\
 ................................\
 ................................u";
 
-static const char utf_map[257] = "\
+static const char utf_map[258] = "\
 ................................\
 ................................\
 ................................\
@@ -355,7 +355,7 @@ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS\
 ................................\
 ................................8";
 
-static const char space_map[257] = "\
+static const char space_map[258] = "\
 .........ab..a..................\
 a...............................\
 ................................\
@@ -365,7 +365,7 @@ a...............................\
 ................................\
 ................................S";
 
-static const char trail_map[257] = "\
+static const char trail_map[258] = "\
 .........ab..a..................\
 a...............................\
 ................................\
@@ -375,7 +375,7 @@ a...............................\
 ................................\
 ................................R";
 
-static const byte hex_map[256] = "\
+static const byte hex_map[257] = "\
 ................................\
 ................\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09......\
 .\x0a\x0b\x0c\x0d\x0e\x0f.........................\
@@ -594,7 +594,7 @@ static void big_change(ojParser p) {
     }
 }
 
-static void parse(ojParser p, const byte *json) {
+static void parse(ojParser p, const byte *json, bool more) {
     const byte *start;
     const byte *b = json;
     int         i;
@@ -635,7 +635,7 @@ static void parse(ojParser p, const byte *json) {
             if ('"' == *b) {
                 p->map = colon_map;
                 break;
-            } else if ('\0' == *b) {
+            } else if ('\0' == *b && !more) {
                 parse_error(p, "quoted string not terminated");
                 break;
             }
@@ -662,7 +662,7 @@ static void parse(ojParser p, const byte *json) {
                 p->funcs[p->stack[p->depth]].add_str(p);
                 p->map = (0 == p->depth) ? value_map : after_map;
                 break;
-            } else if ('\0' == *b) {
+            } else if ('\0' == *b && !more) {
                 parse_error(p, "quoted string not terminated");
                 break;
             }
@@ -674,6 +674,10 @@ static void parse(ojParser p, const byte *json) {
             p->cur = b - json;
             p->funcs[p->stack[p->depth]].open_object(p);
             p->depth++;
+            if ((int)sizeof(p->stack) <= p->depth) {
+                parse_error(p, "too deeply nested");
+                break;
+            }
             p->stack[p->depth] = OBJECT_FUN;
             p->map             = key1_map;
             break;
@@ -696,6 +700,10 @@ static void parse(ojParser p, const byte *json) {
             p->cur = b - json;
             p->funcs[p->stack[p->depth]].open_array(p);
             p->depth++;
+            if ((int)sizeof(p->stack) <= p->depth) {
+                parse_error(p, "too deeply nested");
+                break;
+            }
             p->stack[p->depth] = ARRAY_FUN;
             p->map             = value_map;
             break;
@@ -1182,6 +1190,8 @@ extern void oj_set_parser_validator(ojParser p);
 extern void oj_set_parser_saj(ojParser p);
 extern void oj_set_parser_usual(ojParser p);
 extern void oj_set_parser_debug(ojParser p);
+extern void oj_set_parser_safe(ojParser p, VALUE options);
+extern void oj_safe_init(VALUE parser_class);
 
 static int opt_cb(VALUE rkey, VALUE value, VALUE ptr) {
     ojParser    p   = (ojParser)ptr;
@@ -1376,7 +1386,6 @@ static void validate_non_primitives_are_complete(ojParser p) {
     if (0 >= p->depth) {
         return;
     }
-
     if (OBJECT_FUN == p->stack[p->depth]) {
         parse_error(p, "Object is not closed");
     } else {
@@ -1398,14 +1407,19 @@ static void validate_document_end(ojParser p) {
  */
 static VALUE parser_parse(VALUE self, VALUE json) {
     ojParser    p;
-    const byte *ptr = (const byte *)StringValuePtr(json);
+    int         frozen = OBJ_FROZEN(json);
+    const byte *ptr;
+
+    if (!frozen) {
+        rb_str_freeze(json);
+    }
+    ptr = (const byte *)StringValuePtr(json);
 
     TypedData_Get_Struct(self, struct _ojParser, &oj_parser_type, p);
 
     parser_reset(p);
     p->start(p);
-    parse(p, ptr);
-
+    parse(p, ptr, false);
     validate_document_end(p);
 
     return p->result(p);
@@ -1426,7 +1440,7 @@ static VALUE load(VALUE self) {
     while (true) {
         rb_funcall(p->reader, oj_readpartial_id, 2, INT2NUM(16385), rbuf);
         if (0 < RSTRING_LEN(rbuf)) {
-            parse(p, (byte *)StringValuePtr(rbuf));
+            parse(p, (byte *)StringValuePtr(rbuf), true);
         }
         if (Qtrue == rb_funcall(p->reader, oj_eofq_id, 0)) {
             if (0 < p->depth) {
@@ -1496,7 +1510,7 @@ static VALUE parser_file(VALUE self, VALUE filename) {
     while (true) {
         if (0 < (rsize = read(fd, buf, size))) {
             buf[rsize] = '\0';
-            parse(p, buf);
+            parse(p, buf, true);
         }
         if (rsize <= 0) {
             if (0 != rsize) {
@@ -1607,6 +1621,28 @@ static VALUE parser_validate(VALUE self) {
     return validate_parser;
 }
 
+static VALUE parser_safe(int argc, VALUE *argv, VALUE self) {
+    VALUE options;
+
+    if (1 == argc) {
+        options = argv[0];
+
+        Check_Type(options, T_HASH);
+    } else {
+        options = rb_hash_new();
+    }
+
+    ojParser p = OJ_R_ALLOC(struct _ojParser);
+
+    memset(p, 0, sizeof(struct _ojParser));
+    buf_init(&p->key);
+    buf_init(&p->buf);
+    p->map = value_map;
+    oj_set_parser_safe(p, options);
+
+    return TypedData_Wrap_Struct(parser_class, &oj_parser_type, p);
+}
+
 /* Document-class: Oj::Parser
  *
  * A reusable parser that makes use of named delegates to determine the
@@ -1634,4 +1670,7 @@ void oj_parser_init(void) {
     rb_define_module_function(parser_class, "usual", parser_usual, 0);
     rb_define_module_function(parser_class, "saj", parser_saj, 0);
     rb_define_module_function(parser_class, "validate", parser_validate, 0);
+    rb_define_module_function(parser_class, "safe", parser_safe, -1);
+
+    oj_safe_init(parser_class);
 }

data/ext/oj/rxclass.c

@@ -96,7 +96,7 @@ int oj_rxclass_append(RxClass rc, const char *expr, VALUE clas) {
 }
 
 VALUE
-oj_rxclass_match(RxClass rc, const char *str, int len) {
+oj_rxclass_match(RxClass rc, const char *str, size_t len) {
     RxC  rxc;
     char buf[4096];
 

data/ext/oj/rxclass.h

@@ -19,7 +19,7 @@ typedef struct _rxClass {
 extern void  oj_rxclass_init(RxClass rc);
 extern void  oj_rxclass_cleanup(RxClass rc);
 extern int   oj_rxclass_append(RxClass rc, const char *expr, VALUE clas);
-extern VALUE oj_rxclass_match(RxClass rc, const char *str, int len);
+extern VALUE oj_rxclass_match(RxClass rc, const char *str, size_t len);
 extern void  oj_rxclass_copy(RxClass src, RxClass dest);
 extern void  oj_rxclass_rappend(RxClass rc, VALUE rx, VALUE clas);
 

data/ext/oj/safe.c

@@ -0,0 +1,230 @@
+
+#include "safe.h"
+
+static VALUE max_hash_size_sym, max_array_size_sym, max_depth_sym, max_total_elements_sym, max_hash_size_error_class,
+    max_array_size_error_class, max_depth_error_class, max_total_elements_error_class;
+
+static void check_object_size(safe_T safe) {
+    if (NIL_P(safe->max_hash_size)) {
+        return;
+    }
+
+    struct _usual usual                   = safe->usual;
+    Col           current_object_location = usual.ctail - 1;
+
+    long int number_of_items_in_stack = usual.vtail - usual.vhead;
+    long int number_of_items_in_hash  = (number_of_items_in_stack - current_object_location->vi - 1) / 2;
+
+    if (safe->max_hash_size > number_of_items_in_hash) {
+        return;
+    }
+
+    rb_raise(max_hash_size_error_class, "Too many object items!");
+}
+
+static void check_array_size(safe_T safe) {
+    if (NIL_P(safe->max_array_size)) {
+        return;
+    }
+
+    struct _usual usual                   = safe->usual;
+    Col           current_object_location = usual.ctail - 1;
+
+    long int number_of_items_in_stack = usual.vtail - usual.vhead;
+    long int number_of_items_in_array = number_of_items_in_stack - current_object_location->vi - 1;
+
+    if (safe->max_array_size > number_of_items_in_array) {
+        return;
+    }
+
+    rb_raise(max_array_size_error_class, "Too many array items!");
+}
+
+static void check_max_depth(safe_T safe, ojParser p) {
+    if (NIL_P(safe->max_depth) || safe->max_depth >= (p->depth + 1)) {
+        return;
+    }
+
+    rb_raise(max_depth_error_class, "JSON is too deep!");
+}
+
+static void check_max_total_elements(safe_T safe) {
+    /*
+    * We check if `max_total_elements` is greater than `current_elements_count`
+    * (instead of greater than or equal) because top-level elements (e.g., [],
+    * null, true) are not counted. As a result, `current_elements_count`
+    * always holds one less than the actual total.
+    */
+    if (NIL_P(safe->max_total_elements) || safe->max_total_elements > safe->current_elements_count) {
+        return;
+    }
+
+    rb_raise(max_total_elements_error_class, "Too many elements!");
+}
+
+static void safe_start(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size      = 0;
+    safe->current_array_size     = 0;
+    safe->current_elements_count = 0;
+
+    safe->delegated_start_func(p);
+}
+
+static void safe_open_object(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size++;
+    safe->current_elements_count++;
+
+    check_array_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_object_func(p);
+}
+
+static void safe_open_array(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_array_size++;
+    safe->current_elements_count++;
+
+    check_array_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_array_func(p);
+}
+
+DEFINE_DELEGATED_FUNCTION(add_null);
+DEFINE_DELEGATED_FUNCTION(add_true);
+DEFINE_DELEGATED_FUNCTION(add_false);
+DEFINE_DELEGATED_FUNCTION(add_int);
+DEFINE_DELEGATED_FUNCTION(add_float);
+DEFINE_DELEGATED_FUNCTION(add_big);
+DEFINE_DELEGATED_FUNCTION(add_str);
+
+static void safe_open_object_key(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size++;
+    safe->current_elements_count += 2;
+
+    check_object_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_object_key_func(p);
+}
+
+static void safe_open_array_key(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_array_size++;
+    safe->current_elements_count += 2;
+
+    check_object_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_array_key_func(p);
+}
+
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_null);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_true);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_false);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_int);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_float);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_big);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_str);
+
+void oj_init_safe_parser(ojParser p, safe_T safe, VALUE options) {
+    // Safe parser inherits all members of usual parser
+    oj_init_usual(p, &safe->usual);
+
+    safe->delegated_start_func = p->start;
+    p->start                   = safe_start;
+
+    Funcs f;
+
+    // Array parser functions
+    f                                = &p->funcs[ARRAY_FUN];
+    safe->delegated_open_object_func = f->open_object;
+    f->open_object                   = safe_open_object;
+    safe->delegated_open_array_func  = f->open_array;
+    f->open_array                    = safe_open_array;
+    // The following overrides are done for counting objects
+    safe->delegated_add_null_func  = f->add_null;
+    f->add_null                    = safe_add_null;
+    safe->delegated_add_true_func  = f->add_true;
+    f->add_true                    = safe_add_true;
+    safe->delegated_add_false_func = f->add_false;
+    f->add_false                   = safe_add_false;
+    safe->delegated_add_int_func   = f->add_int;
+    f->add_int                     = safe_add_int;
+    safe->delegated_add_float_func = f->add_float;
+    f->add_float                   = safe_add_float;
+    safe->delegated_add_big_func   = f->add_big;
+    f->add_big                     = safe_add_big;
+    safe->delegated_add_str_func   = f->add_str;
+    f->add_str                     = safe_add_str;
+
+    // Object parser functions
+    f                                    = &p->funcs[OBJECT_FUN];
+    safe->delegated_open_object_key_func = f->open_object;
+    f->open_object                       = safe_open_object_key;
+    safe->delegated_open_array_key_func  = f->open_array;
+    f->open_array                        = safe_open_array_key;
+    // The following overrides are done for counting objects
+    safe->delegated_add_null_key_func  = f->add_null;
+    f->add_null                        = safe_add_null_key;
+    safe->delegated_add_true_key_func  = f->add_true;
+    f->add_true                        = safe_add_true_key;
+    safe->delegated_add_false_key_func = f->add_false;
+    f->add_false                       = safe_add_false_key;
+    safe->delegated_add_int_key_func   = f->add_int;
+    f->add_int                         = safe_add_int_key;
+    safe->delegated_add_float_key_func = f->add_float;
+    f->add_float                       = safe_add_float_key;
+    safe->delegated_add_big_key_func   = f->add_big;
+    f->add_big                         = safe_add_big_key;
+    safe->delegated_add_str_key_func   = f->add_str;
+    f->add_str                         = safe_add_str_key;
+
+    SET_CONFIG(max_hash_size);
+    SET_CONFIG(max_array_size);
+    SET_CONFIG(max_depth);
+    SET_CONFIG(max_total_elements);
+}
+
+void oj_set_parser_safe(ojParser p, VALUE options) {
+    safe_T s = OJ_R_ALLOC(struct _safe_S);
+
+    oj_init_safe_parser(p, s, options);
+}
+
+void oj_safe_init(VALUE parser_class) {
+    VALUE validation_error_class = rb_define_class_under(parser_class, "ValidationError", rb_eRuntimeError);
+
+    max_hash_size_error_class      = rb_define_class_under(parser_class, "HashSizeError", validation_error_class);
+    max_array_size_error_class     = rb_define_class_under(parser_class, "ArraySizeError", validation_error_class);
+    max_depth_error_class          = rb_define_class_under(parser_class, "DepthError", validation_error_class);
+    max_total_elements_error_class = rb_define_class_under(parser_class, "TotalElementsError", validation_error_class);
+
+    rb_gc_register_address(&max_hash_size_error_class);
+    rb_gc_register_address(&max_array_size_error_class);
+    rb_gc_register_address(&max_depth_error_class);
+    rb_gc_register_address(&max_total_elements_error_class);
+
+    max_hash_size_sym      = ID2SYM(rb_intern("max_hash_size"));
+    max_array_size_sym     = ID2SYM(rb_intern("max_array_size"));
+    max_depth_sym          = ID2SYM(rb_intern("max_depth"));
+    max_total_elements_sym = ID2SYM(rb_intern("max_total_elements"));
+
+    rb_gc_register_address(&max_hash_size_sym);
+    rb_gc_register_address(&max_array_size_sym);
+    rb_gc_register_address(&max_depth_sym);
+    rb_gc_register_address(&max_total_elements_sym);
+}