oj_windows 3.16.15 → 3.17.2.1

data/ext/oj_windows/parse.c

@@ -360,11 +360,59 @@ static inline const char *scan_string_SSE2(const char *str, const char *end) {
 static const char *(*scan_func)(const char *str, const char *end) = scan_string_noSIMD;
 
 void oj_scanner_init(void) {
-#ifdef HAVE_SIMD_SSE4_2
+#if defined(HAVE_SIMD_SSE2) || defined(HAVE_SIMD_SSE4_2)
+    bool have_sse42 = false;
+#if defined(OJ_SIMD_SSE4_2_RUNTIME)
+    // MSVC x64: SSE2 is always available; SSE4.2 must be detected at runtime
+    // (CPUID leaf 1, ECX bit 20) since not every CPU supports it.
+    {
+        int regs[4];
+        __cpuid(regs, 1);
+        have_sse42 = (0 != (regs[2] & (1 << 20)));
+    }
+#elif defined(HAVE_SIMD_SSE4_2)
+    have_sse42 = true;  // GCC/Clang build compiled with -msse4.2
+#endif
+
+    // Optional diagnostic override: OJ_SCAN=scalar|sse2|sse42. PCMPESTRI (SSE4.2)
+    // is slow on some microarchitectures, so this allows measuring/forcing a
+    // specific scanner without rebuilding.
+    {
+        const char *force = getenv("OJ_SCAN");
+        if (NULL != force) {
+            if (0 == strcmp(force, "scalar")) {
+                scan_func = scan_string_noSIMD;
+                return;
+            }
+#if defined(HAVE_SIMD_SSE2)
+            if (0 == strcmp(force, "sse2")) {
+                scan_func = scan_string_SSE2;
+                return;
+            }
+#endif
+#if defined(HAVE_SIMD_SSE4_2)
+            if (0 == strcmp(force, "sse42") && have_sse42) {
+                scan_func = scan_string_SSE42;
+                return;
+            }
+#endif
+        }
+    }
+
+#if defined(OJ_SIMD_SSE4_2_RUNTIME)
+    // Both scanners are compiled. Benchmarks (string-heavy payloads) show the
+    // SSE2 scanner (PCMPEQB + PMOVMSKB) is as fast or faster than the SSE4.2
+    // scanner (PCMPESTRI, which is high-latency on many microarchitectures), and
+    // SSE2 is guaranteed on all x86_64 CPUs. Default to SSE2; use OJ_SCAN=sse42
+    // to opt into PCMPESTRI where it happens to win.
+    scan_func = scan_string_SSE2;
+    (void)have_sse42;
+#elif defined(HAVE_SIMD_SSE4_2)
     scan_func = scan_string_SSE42;
 #elif defined(HAVE_SIMD_SSE2)
     scan_func = scan_string_SSE2;
 #endif
+#endif  // HAVE_SIMD_SSE2 || HAVE_SIMD_SSE4_2
     // Note: ARM NEON string scanning would be added here if needed
 }
 

data/ext/oj_windows/parser.c

@@ -1176,6 +1176,8 @@ extern void oj_set_parser_validator(ojParser p);
 extern void oj_set_parser_saj(ojParser p);
 extern void oj_set_parser_usual(ojParser p);
 extern void oj_set_parser_debug(ojParser p);
+extern void oj_set_parser_safe(ojParser p, VALUE options);  // safe parser (upstream Oj 3.17.0)
+extern void oj_safe_init(VALUE parser_class);
 
 static int opt_cb(VALUE rkey, VALUE value, VALUE ptr) {
     ojParser    p   = (ojParser)ptr;
@@ -1354,6 +1356,37 @@ static VALUE parser_missing(int argc, VALUE *argv, VALUE self) {
     return p->option(p, key, rv);
 }
 
+// Ported from upstream Oj (3.16.16/3.16.17): when the input ends, make sure we
+// were not left mid-literal or inside an unclosed array/object. Without this an
+// incomplete document such as "tru", "[1,2" or "{\"a\":1" was accepted silently.
+static void validate_primitives_are_complete(ojParser p) {
+    if (0 >= p->ri) {
+        return;
+    }
+
+    switch (p->map[256]) {
+    case 'N': parse_error(p, "expected null"); break;
+    case 'F': parse_error(p, "expected false"); break;
+    case 'T': parse_error(p, "expected true"); break;
+    }
+}
+
+static void validate_non_primitives_are_complete(ojParser p) {
+    if (0 >= p->depth) {
+        return;
+    }
+    if (OBJECT_FUN == p->stack[p->depth]) {
+        parse_error(p, "Object is not closed");
+    } else {
+        parse_error(p, "Array is not closed");
+    }
+}
+
+static void validate_document_end(ojParser p) {
+    validate_primitives_are_complete(p);
+    validate_non_primitives_are_complete(p);
+}
+
 /* Document-method: parse(json)
  * call-seq: parse(json)
  *
@@ -1370,6 +1403,7 @@ static VALUE parser_parse(VALUE self, VALUE json) {
     parser_reset(p);
     p->start(p);
     parse(p, ptr);
+    validate_document_end(p);
 
     return p->result(p);
 }
@@ -1452,22 +1486,26 @@ static VALUE parser_file(VALUE self, VALUE filename) {
         return p->result(p);
     }
 #endif
-    byte   buf[16385];
-    size_t size = sizeof(buf) - 1;
-    size_t rsize;
+    byte buf[16385];
+    int  size = (int)(sizeof(buf) - 1);
+    int  rsize;
 
+    // read() returns a signed count: -1 on error, 0 at EOF. Capturing it in a
+    // signed int (not size_t) avoids -1 wrapping to SIZE_MAX, which would make
+    // `buf[rsize] = '\0'` an out-of-bounds write and the error check unreachable.
     while (true) {
-        if (0 < (rsize = read(fd, buf, size))) {
-            buf[rsize] = '\0';
-            parse(p, buf);
+        rsize = read(fd, buf, (unsigned int)size);
+        if (rsize < 0) {
+            close(fd);
+            rb_raise(rb_eIOError, "error reading from %s", path);
         }
-        if (rsize <= 0) {
-            if (0 != rsize) {
-                rb_raise(rb_eIOError, "error reading from %s", path);
-            }
+        if (0 == rsize) {  // EOF
             break;
         }
+        buf[rsize] = '\0';
+        parse(p, buf);
     }
+    close(fd);
     return p->result(p);
 }
 
@@ -1570,6 +1608,34 @@ static VALUE parser_validate(VALUE self) {
     return validate_parser;
 }
 
+/* Document-method: safe(options = {})
+ * call-seq: safe(options = {})
+ *
+ * Returns a parser that builds Ruby objects like the :usual parser but enforces
+ * configurable limits on untrusted input: :max_hash_size, :max_array_size,
+ * :max_depth, and :max_total_elements. Ported from upstream Oj 3.17.0.
+ */
+static VALUE parser_safe(int argc, VALUE *argv, VALUE self) {
+    VALUE options;
+
+    if (1 == argc) {
+        options = argv[0];
+        Check_Type(options, T_HASH);
+    } else {
+        options = rb_hash_new();
+    }
+
+    ojParser p = OJ_R_ALLOC(struct _ojParser);
+
+    memset(p, 0, sizeof(struct _ojParser));
+    buf_init(&p->key);
+    buf_init(&p->buf);
+    p->map = value_map;
+    oj_set_parser_safe(p, options);
+
+    return TypedData_Wrap_Struct(parser_class, &oj_parser_type, p);
+}
+
 /* Document-class: Oj::Parser
  *
  * A reusable parser that makes use of named delegates to determine the
@@ -1597,4 +1663,7 @@ void oj_parser_init(void) {
     rb_define_module_function(parser_class, "usual", parser_usual, 0);
     rb_define_module_function(parser_class, "saj", parser_saj, 0);
     rb_define_module_function(parser_class, "validate", parser_validate, 0);
+    rb_define_module_function(parser_class, "safe", parser_safe, -1);
+
+    oj_safe_init(parser_class);
 }

data/ext/oj_windows/reader.c

@@ -5,7 +5,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#if !IS_WINDOWS
 #include <sys/types.h>
+#endif
 #ifdef NEEDS_UIO
 #if NEEDS_UIO
 #include <sys/uio.h>

data/ext/oj_windows/rxclass.c

@@ -5,8 +5,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/types.h>
 #if !IS_WINDOWS
+#include <sys/types.h>
 #include <regex.h>
 #endif
 

data/ext/oj_windows/safe.c

@@ -0,0 +1,230 @@
+
+#include "safe.h"
+
+static VALUE max_hash_size_sym, max_array_size_sym, max_depth_sym, max_total_elements_sym, max_hash_size_error_class,
+    max_array_size_error_class, max_depth_error_class, max_total_elements_error_class;
+
+static void check_object_size(safe_T safe) {
+    if (NIL_P(safe->max_hash_size)) {
+        return;
+    }
+
+    struct _usual usual                   = safe->usual;
+    Col           current_object_location = usual.ctail - 1;
+
+    long int number_of_items_in_stack = usual.vtail - usual.vhead;
+    long int number_of_items_in_hash  = (number_of_items_in_stack - current_object_location->vi - 1) / 2;
+
+    if (safe->max_hash_size > number_of_items_in_hash) {
+        return;
+    }
+
+    rb_raise(max_hash_size_error_class, "Too many object items!");
+}
+
+static void check_array_size(safe_T safe) {
+    if (NIL_P(safe->max_array_size)) {
+        return;
+    }
+
+    struct _usual usual                   = safe->usual;
+    Col           current_object_location = usual.ctail - 1;
+
+    long int number_of_items_in_stack = usual.vtail - usual.vhead;
+    long int number_of_items_in_array = number_of_items_in_stack - current_object_location->vi - 1;
+
+    if (safe->max_array_size > number_of_items_in_array) {
+        return;
+    }
+
+    rb_raise(max_array_size_error_class, "Too many array items!");
+}
+
+static void check_max_depth(safe_T safe, ojParser p) {
+    if (NIL_P(safe->max_depth) || safe->max_depth >= (p->depth + 1)) {
+        return;
+    }
+
+    rb_raise(max_depth_error_class, "JSON is too deep!");
+}
+
+static void check_max_total_elements(safe_T safe) {
+    /*
+    * We check if `max_total_elements` is greater than `current_elements_count`
+    * (instead of greater than or equal) because top-level elements (e.g., [],
+    * null, true) are not counted. As a result, `current_elements_count`
+    * always holds one less than the actual total.
+    */
+    if (NIL_P(safe->max_total_elements) || safe->max_total_elements > safe->current_elements_count) {
+        return;
+    }
+
+    rb_raise(max_total_elements_error_class, "Too many elements!");
+}
+
+static void safe_start(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size      = 0;
+    safe->current_array_size     = 0;
+    safe->current_elements_count = 0;
+
+    safe->delegated_start_func(p);
+}
+
+static void safe_open_object(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size++;
+    safe->current_elements_count++;
+
+    check_array_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_object_func(p);
+}
+
+static void safe_open_array(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_array_size++;
+    safe->current_elements_count++;
+
+    check_array_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_array_func(p);
+}
+
+DEFINE_DELEGATED_FUNCTION(add_null);
+DEFINE_DELEGATED_FUNCTION(add_true);
+DEFINE_DELEGATED_FUNCTION(add_false);
+DEFINE_DELEGATED_FUNCTION(add_int);
+DEFINE_DELEGATED_FUNCTION(add_float);
+DEFINE_DELEGATED_FUNCTION(add_big);
+DEFINE_DELEGATED_FUNCTION(add_str);
+
+static void safe_open_object_key(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_hash_size++;
+    safe->current_elements_count += 2;
+
+    check_object_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_object_key_func(p);
+}
+
+static void safe_open_array_key(ojParser p) {
+    safe_T safe = (safe_T)p->ctx;
+
+    safe->current_array_size++;
+    safe->current_elements_count += 2;
+
+    check_object_size(safe);
+    check_max_depth(safe, p);
+    check_max_total_elements(safe);
+
+    safe->delegated_open_array_key_func(p);
+}
+
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_null);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_true);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_false);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_int);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_float);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_big);
+DEFINE_DELEGATED_OBJECT_FUNCTION(add_str);
+
+void oj_init_safe_parser(ojParser p, safe_T safe, VALUE options) {
+    // Safe parser inherits all members of usual parser
+    oj_init_usual(p, &safe->usual);
+
+    safe->delegated_start_func = p->start;
+    p->start                   = safe_start;
+
+    Funcs f;
+
+    // Array parser functions
+    f                                = &p->funcs[ARRAY_FUN];
+    safe->delegated_open_object_func = f->open_object;
+    f->open_object                   = safe_open_object;
+    safe->delegated_open_array_func  = f->open_array;
+    f->open_array                    = safe_open_array;
+    // The following overrides are done for counting objects
+    safe->delegated_add_null_func  = f->add_null;
+    f->add_null                    = safe_add_null;
+    safe->delegated_add_true_func  = f->add_true;
+    f->add_true                    = safe_add_true;
+    safe->delegated_add_false_func = f->add_false;
+    f->add_false                   = safe_add_false;
+    safe->delegated_add_int_func   = f->add_int;
+    f->add_int                     = safe_add_int;
+    safe->delegated_add_float_func = f->add_float;
+    f->add_float                   = safe_add_float;
+    safe->delegated_add_big_func   = f->add_big;
+    f->add_big                     = safe_add_big;
+    safe->delegated_add_str_func   = f->add_str;
+    f->add_str                     = safe_add_str;
+
+    // Object parser functions
+    f                                    = &p->funcs[OBJECT_FUN];
+    safe->delegated_open_object_key_func = f->open_object;
+    f->open_object                       = safe_open_object_key;
+    safe->delegated_open_array_key_func  = f->open_array;
+    f->open_array                        = safe_open_array_key;
+    // The following overrides are done for counting objects
+    safe->delegated_add_null_key_func  = f->add_null;
+    f->add_null                        = safe_add_null_key;
+    safe->delegated_add_true_key_func  = f->add_true;
+    f->add_true                        = safe_add_true_key;
+    safe->delegated_add_false_key_func = f->add_false;
+    f->add_false                       = safe_add_false_key;
+    safe->delegated_add_int_key_func   = f->add_int;
+    f->add_int                         = safe_add_int_key;
+    safe->delegated_add_float_key_func = f->add_float;
+    f->add_float                       = safe_add_float_key;
+    safe->delegated_add_big_key_func   = f->add_big;
+    f->add_big                         = safe_add_big_key;
+    safe->delegated_add_str_key_func   = f->add_str;
+    f->add_str                         = safe_add_str_key;
+
+    SET_CONFIG(max_hash_size);
+    SET_CONFIG(max_array_size);
+    SET_CONFIG(max_depth);
+    SET_CONFIG(max_total_elements);
+}
+
+void oj_set_parser_safe(ojParser p, VALUE options) {
+    safe_T s = OJ_R_ALLOC(struct _safe_S);
+
+    oj_init_safe_parser(p, s, options);
+}
+
+void oj_safe_init(VALUE parser_class) {
+    VALUE validation_error_class = rb_define_class_under(parser_class, "ValidationError", rb_eRuntimeError);
+
+    max_hash_size_error_class      = rb_define_class_under(parser_class, "HashSizeError", validation_error_class);
+    max_array_size_error_class     = rb_define_class_under(parser_class, "ArraySizeError", validation_error_class);
+    max_depth_error_class          = rb_define_class_under(parser_class, "DepthError", validation_error_class);
+    max_total_elements_error_class = rb_define_class_under(parser_class, "TotalElementsError", validation_error_class);
+
+    rb_gc_register_address(&max_hash_size_error_class);
+    rb_gc_register_address(&max_array_size_error_class);
+    rb_gc_register_address(&max_depth_error_class);
+    rb_gc_register_address(&max_total_elements_error_class);
+
+    max_hash_size_sym      = ID2SYM(rb_intern("max_hash_size"));
+    max_array_size_sym     = ID2SYM(rb_intern("max_array_size"));
+    max_depth_sym          = ID2SYM(rb_intern("max_depth"));
+    max_total_elements_sym = ID2SYM(rb_intern("max_total_elements"));
+
+    rb_gc_register_address(&max_hash_size_sym);
+    rb_gc_register_address(&max_array_size_sym);
+    rb_gc_register_address(&max_depth_sym);
+    rb_gc_register_address(&max_total_elements_sym);
+}

data/ext/oj_windows/safe.h

@@ -0,0 +1,79 @@
+#include <ruby.h>
+
+#include "parser.h"
+#include "usual.h"
+
+#define SET_CONFIG(config_name)                                                        \
+    do {                                                                               \
+        VALUE rb_##config_name = rb_hash_aref(options, config_name##_sym);             \
+                                                                                       \
+        if (RB_INTEGER_TYPE_P(rb_##config_name)) {                                     \
+            safe->config_name = NUM2LONG(rb_##config_name);                            \
+        } else if (!NIL_P(rb_##config_name)) {                                         \
+            rb_raise(rb_eArgError, "Incorrect value provided for `" #config_name "`"); \
+        } else {                                                                       \
+            safe->config_name = Qnil;                                                  \
+        }                                                                              \
+    } while (0);
+
+#define DEFINE_DELEGATED_FUNCTION(function_name)   \
+    static void safe_##function_name(ojParser p) { \
+        safe_T safe = (safe_T)p->ctx;              \
+                                                   \
+        safe->current_elements_count++;            \
+                                                   \
+        check_array_size(safe);                    \
+        check_max_total_elements(safe);            \
+                                                   \
+        safe->delegated_##function_name##_func(p); \
+    }
+
+#define DEFINE_DELEGATED_OBJECT_FUNCTION(function_name)  \
+    static void safe_##function_name##_key(ojParser p) { \
+        safe_T safe = (safe_T)p->ctx;                    \
+                                                         \
+        safe->current_elements_count += 2;               \
+                                                         \
+        check_object_size(safe);                         \
+        check_max_total_elements(safe);                  \
+                                                         \
+        safe->delegated_##function_name##_key_func(p);   \
+    }
+
+typedef struct _safe_S {
+    struct _usual usual;
+
+    long int max_hash_size;
+    long int max_array_size;
+    long int max_depth;
+    long int max_total_elements;
+    long int max_json_size_bytes;
+
+    long int current_hash_size;
+    long int current_array_size;
+    long int current_elements_count;
+
+    void (*delegated_start_func)(struct _ojParser *p);
+
+    // Array functions
+    void (*delegated_open_object_func)(struct _ojParser *p);
+    void (*delegated_open_array_func)(struct _ojParser *p);
+    void (*delegated_add_null_func)(struct _ojParser *p);
+    void (*delegated_add_true_func)(struct _ojParser *p);
+    void (*delegated_add_false_func)(struct _ojParser *p);
+    void (*delegated_add_int_func)(struct _ojParser *p);
+    void (*delegated_add_float_func)(struct _ojParser *p);
+    void (*delegated_add_big_func)(struct _ojParser *p);
+    void (*delegated_add_str_func)(struct _ojParser *p);
+
+    // Object functions
+    void (*delegated_open_object_key_func)(struct _ojParser *p);
+    void (*delegated_open_array_key_func)(struct _ojParser *p);
+    void (*delegated_add_null_key_func)(struct _ojParser *p);
+    void (*delegated_add_true_key_func)(struct _ojParser *p);
+    void (*delegated_add_false_key_func)(struct _ojParser *p);
+    void (*delegated_add_int_key_func)(struct _ojParser *p);
+    void (*delegated_add_float_key_func)(struct _ojParser *p);
+    void (*delegated_add_big_key_func)(struct _ojParser *p);
+    void (*delegated_add_str_key_func)(struct _ojParser *p);
+} *safe_T;

data/ext/oj_windows/simd.h

@@ -4,10 +4,31 @@
 // SIMD architecture detection and configuration
 // This header provides unified SIMD support across different CPU architectures
 
+// Escape hatch: build with -DOJ_DISABLE_SIMD to force the scalar scanner on any
+// platform (useful for debugging or comparison benchmarks).
+#ifndef OJ_DISABLE_SIMD
+
 // x86/x86_64 SIMD detection
 #if defined(__x86_64__) || defined(__i386__) || defined(_M_IX86) || defined(_M_X64)
 #define HAVE_SIMD_X86 1
 
+#if defined(_MSC_VER)
+// MSVC (cl.exe) does not define the GCC/Clang feature macros __SSE2__/__SSE4_2__,
+// and it requires no -msse flag to emit SSE intrinsics. On x64, SSE2 is guaranteed
+// by the architecture, so we enable the SSE2 scanner unconditionally. SSE4.2 is not
+// guaranteed by every CPU, so we also compile the SSE4.2 scanner but select it only
+// at runtime via CPUID (see oj_scanner_init() in parse.c).
+#if defined(_M_X64) || (defined(_M_IX86_FP) && _M_IX86_FP >= 2)
+#define HAVE_SIMD_SSE2 1
+#include <emmintrin.h>
+#define HAVE_SIMD_SSE4_2 1
+#define OJ_SIMD_SSE4_2_RUNTIME 1
+#include <nmmintrin.h>
+#include <intrin.h>  // __cpuid, _BitScanForward
+#endif
+
+#else  // GCC / Clang: gate on the -msseN feature macros set by extconf.rb.
+
 // SSE4.2 support (Intel Core i7+, AMD Bulldozer+)
 // Enabled automatically when compiler has -msse4.2 flag
 #if defined(__SSE4_2__)
@@ -21,6 +42,8 @@
 #include <emmintrin.h>
 #endif
 
+#endif  // _MSC_VER
+
 #endif  // x86/x86_64
 
 // ARM NEON detection
@@ -30,6 +53,8 @@
 #include <arm_neon.h>
 #endif
 
+#endif  // OJ_DISABLE_SIMD
+
 // Define which SIMD implementation to use (priority order: SSE4.2 > NEON > SSE2)
 #if defined(HAVE_SIMD_SSE4_2)
 #define HAVE_SIMD_STRING_SCAN 1
@@ -44,4 +69,25 @@
 #define SIMD_TYPE "none"
 #endif
 
+// Portability shims: the SSE scanners in parse.c are written with GCC/Clang
+// builtins. Provide MSVC-native equivalents so the same code compiles under
+// cl.exe. Only defined when an x86 SSE path is actually enabled, and guarded by
+// #ifndef so a real GCC/Clang build is never affected.
+#if defined(_MSC_VER) && (defined(HAVE_SIMD_SSE2) || defined(HAVE_SIMD_SSE4_2))
+#ifndef __builtin_prefetch
+#define __builtin_prefetch(addr, ...) _mm_prefetch((const char *)(addr), _MM_HINT_T0)
+#endif
+#ifndef __builtin_expect
+#define __builtin_expect(expr, expected) (expr)
+#endif
+static __forceinline int oj_msvc_ctz(unsigned int x) {
+    unsigned long index;
+    _BitScanForward(&index, x);  // callers guarantee x != 0
+    return (int)index;
+}
+#ifndef __builtin_ctz
+#define __builtin_ctz(x) oj_msvc_ctz((unsigned int)(x))
+#endif
+#endif
+
 #endif /* OJ_SIMD_H */

data/ext/oj_windows/sparse.c

@@ -405,6 +405,7 @@ static void read_num(ParseInfo pi) {
     char            c;
 
     reader_protect(&pi->rd);
+    ni.pi       = pi;  // ni->pi->err_class is dereferenced in oj_num_as_value
     ni.i        = 0;
     ni.num      = 0;
     ni.div      = 1;
@@ -556,6 +557,7 @@ static void read_nan(ParseInfo pi) {
     char            c;
 
     ni.str      = pi->rd.str;
+    ni.pi       = pi;  // ni->pi->err_class is dereferenced in oj_num_as_value
     ni.i        = 0;
     ni.num      = 0;
     ni.div      = 1;
@@ -752,6 +754,7 @@ void oj_sparse2(ParseInfo pi) {
                     return;
                 }
                 ni.str      = pi->rd.str;
+                ni.pi       = pi;  // ni->pi->err_class is dereferenced in oj_num_as_value
                 ni.i        = 0;
                 ni.num      = 0;
                 ni.div      = 1;

data/ext/oj_windows/usual.c

@@ -200,7 +200,10 @@ static void push_key(ojParser p) {
         d->ktail = d->khead + pos;
         d->kend  = d->khead + cap;
     }
-    d->ktail->len = klen;
+    if (32000 < klen) {  // extreme-size guard (upstream Oj 3.17.2); ktail->len is int16_t
+        rb_raise(oj_json_parser_error_class, "Key too long. Keys are limited to 32,000 bytes.");
+    }
+    d->ktail->len = (int16_t)klen;
     if (klen < sizeof(d->ktail->buf)) {
         memcpy(d->ktail->buf, key, klen);
         d->ktail->buf[klen] = '\0';

data/lib/oj_windows/version.rb

@@ -1,4 +1,4 @@
-module Oj
-  # Current version of the module.
-  VERSION = '3.16.15'
-end
+module Oj
+  # Current version of the module.
+  VERSION = '3.17.2.1'
+end

data/pages/InstallOptions.md

@@ -10,11 +10,21 @@ To enable Oj trace feature on Windows, use the `--enable-trace-log` option when
 Then, the trace logs will be displayed when `:trace` option is set to `true`.
 
 
-### Enable SIMD instructions
+### SIMD string scanning
+
+SIMD acceleration of string scanning is **enabled by default** on x86_64 (SSE2,
+which every x64 CPU supports) — no flag is required. The parser selects its
+scanner at load time; by default it uses the SSE2 scanner, which benchmarks
+fastest on common CPUs.
+
+To force the portable scalar scanner (e.g. for debugging or on a CPU where you
+want to compare), build with `--disable-simd`:
 
 ```powershell
-gem install oj_windows -- --with-sse42
+gem install oj_windows -- --disable-simd
 ```
 
-To enable the use of SIMD instructions in Oj, use the `--with-sse42` option when installing the gem.
-This will enable the use of the SSE4.2 instructions in the internal parser for improved performance.
+You can also override the scanner at runtime, without rebuilding, via the
+`OJ_SCAN` environment variable: `scalar`, `sse2`, or `sse42`. For example
+`set OJ_SCAN=sse42` opts into the SSE4.2 (PCMPESTRI) scanner, which can be
+faster on some microarchitectures.