RubyGems - ox - Versions diffs - 2.14.25 → 2.14.27 - Mend

ox 2.14.25 → 2.14.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1fdd6c47d31f46414501f3719dc4b3b0c938517cbd0a03f982110657b3b7261b
-  data.tar.gz: 9d65bf85bc88e0421049230251ed87a2dfa078c0e2be5ab61b5da63f148d52e4
+  metadata.gz: b981c5e93cbbe907c8beb655007ebd2d3bfd740da911372ce82ea329e85773f0
+  data.tar.gz: 98935b178f268fad229368d02b2efd14529b4144aebae15b557aed80d20a5aac
 SHA512:
-  metadata.gz: a82cba42c5957d123ea2022f8cce3f65923c31f96b1ff67c176a75f538fef35e3d58585ba232fc972a7a41e94386a72cdec9fd16f341cbd080ea1d1c1de04fc1
-  data.tar.gz: 255570365253191fbe23824dbdc9262162dcea2fd5b297bc182ea2fd4eff25ecc4bc8484cadf56c3c4c5cee4fac2d0589140ee2d2d5e7f395f6e2edaf487cfe3
+  metadata.gz: aaa1d3f2183519ef26fd82b80f1bae7bef61216e8404ae03fcc0ad7c9b8e450b2acb423cb7f113be08fa3cab8ba448cf25425e7cc12e138a63e04c93642e2523
+  data.tar.gz: b0b0e20339a346d17a3a29b57e8c1d722b5999d346d775c6f587400aa8affa30e63186a5a6109dd59091fd13ecc172ef93d69e8168bc65a2aa70bd66e76f58ec

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,26 @@
 All changes to the Ox gem are documented here. Releases follow semantic versioning.
+## [2.14.27] - 2026-06-18
+### Fixed
+- Fixed stack overflow issue in the parser that occurred when reading
+  special character sequences.
+- Set a limit of 1000 as the maximum nesting depth of elements to
+  avoid stack exhaustion.
+- Added a note on the symbolize_keys option indicating it should not
+  be used on unregulated input where the symbol table could grow
+  indefinitely.
+## [2.14.26] - 2026-05-09
+### Fixed
+- Several fixes by by @albanpeignier
 ## [2.14.25] - 2026-04-23
 ### Added

data/ext/ox/base64.c CHANGED Viewed

@@ -11,7 +11,7 @@
 static char digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 /* invalid or terminating characters are set to 'X' or \x58 */
-static uchar s_digits[256] = "\
+static uchar s_digits[257] = "\
 \x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\
 \x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\
 \x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x58\x3E\x58\x58\x58\x3F\

data/ext/ox/ox.c CHANGED Viewed

@@ -274,7 +274,9 @@ static VALUE hints_to_overlay(Hints hints) {
  * - _:xsd_date_ [true|false|nil] use XSD date format instead of decimal format
  * - _:mode_ [:object|:generic|:limited|:hash|:hash_no_attrs|nil] load method to use for XML
  * - _:effort_ [:strict|:tolerant|:auto_define] set the tolerance level for loading
- * - _:symbolize_keys_ [true|false|nil] symbolize element attribute keys or leave as Strings
+ * - _:symbolize_keys_ [true|false|nil] symbolize element attribute keys or leave as Strings.
+ * Note that symbolized keys are more efficient but for uncontrolled input it can lead to unlimited
+ * growth of the symbol (intern) table.
  * - _:element_key_mod_ [Proc|nil] converts element keys on parse if not nil
  * - _:attr_key_mod_ [Proc|nil] converts attribute keys on parse if not nil
  * - _:skip_ [:skip_none|:skip_return|:skip_white|:skip_off] determines how to handle white space in text

data/ext/ox/parse.c CHANGED Viewed

@@ -18,11 +18,13 @@
 #include "ruby.h"
 #include "special.h"
+#define MAX_ELEMENT_DEPTH 1000
 static void  mark_pi_cb(void *ptr);
 static void  read_instruction(PInfo pi);
 static void  read_doctype(PInfo pi);
 static void  read_comment(PInfo pi);
-static char *read_element(PInfo pi);
+static char *read_element(PInfo pi, int depth);
 static void  read_text(PInfo pi);
 /*static void	  read_reduced_text(PInfo pi); */
 static void  read_cdata(PInfo pi);
@@ -216,7 +218,7 @@ ox_parse(char *xml, size_t len, ParseCallbacks pcb, char **endp, Options options
             helper_stack_cleanup(&pi.helpers);
             return Qnil;
         default:
-            read_element(&pi);
+            read_element(&pi, 0);
             body_read = 1;
             break;
         }
@@ -302,6 +304,11 @@ DONE:
             }
             end = pi->s;
             next_non_white(pi);
+            if ('\0' == *pi->s) {
+                attr_stack_cleanup(&attrs);
+                set_error(&pi->err, "invalid format, processing instruction not terminated", pi->str, pi->s);
+                return;
+            }
             if ('=' != *pi->s++) {
                 attrs_ok = false;
                 break;
@@ -364,7 +371,8 @@ static void read_delimited(PInfo pi, char end) {
     if ('"' == end || '\'' == end) {
         for (c = *pi->s++; end != c; c = *pi->s++) {
             if ('\0' == c) {
-                set_error(&pi->err, "invalid format, dectype not terminated", pi->str, pi->s);
+                pi->s--;
+                set_error(&pi->err, "invalid format, doctype not terminated", pi->str, pi->s);
                 return;
             }
         }
@@ -375,7 +383,10 @@ static void read_delimited(PInfo pi, char end) {
                 return;
             }
             switch (c) {
-            case '\0': set_error(&pi->err, "invalid format, dectype not terminated", pi->str, pi->s); return;
+            case '\0':
+                pi->s--;
+                set_error(&pi->err, "invalid format, doctype not terminated", pi->str, pi->s);
+                return;
             case '"': read_delimited(pi, c); break;
             case '\'': read_delimited(pi, c); break;
             case '[': read_delimited(pi, ']'); break;
@@ -443,7 +454,7 @@ static void read_comment(PInfo pi) {
 // Entered after the '<' and the first character after that. Returns stat
 // code.
-static char *read_element(PInfo pi) {
+static char *read_element(PInfo pi, int depth) {
     struct _attrStack attrs;
     const char       *attr_name;
     const char       *attr_value;
@@ -455,6 +466,10 @@ static char *read_element(PInfo pi) {
     int               hasChildren = 0;
     int               done        = 0;
+    if (MAX_ELEMENT_DEPTH < depth) {
+        set_error(&pi->err, "element nested too deeply, limit is 1000", pi->str, pi->s);
+        return 0;
+    }
     attr_stack_init(&attrs);
     if (0 == (ename = read_name_token(pi))) {
         return 0;
@@ -535,6 +550,7 @@ static char *read_element(PInfo pi) {
                     break;
                 } else {
                     attr_stack_cleanup(&attrs);
+                    pi->s--;
                     set_error(&pi->err, "invalid format, no attribute value", pi->str, pi->s);
                     return 0;
                 }
@@ -579,7 +595,7 @@ static char *read_element(PInfo pi) {
             c = *pi->s++;
             if ('\0' == c) {
                 attr_stack_cleanup(&attrs);
-                set_error(&pi->err, "invalid format, document not terminated", pi->str, pi->s);
+                set_error(&pi->err, "invalid format, document not terminated", pi->str, pi->s - 1);
                 return 0;
             }
             if ('<' == c) {
@@ -674,7 +690,7 @@ static char *read_element(PInfo pi) {
                     first = 0;
                     /* a child element */
                     // Child closed with mismatched name.
-                    if (0 != (name = read_element(pi))) {
+                    if (0 != (name = read_element(pi, depth + 1))) {
                         attr_stack_cleanup(&attrs);
                         if (0 ==
@@ -701,6 +717,11 @@ static char *read_element(PInfo pi) {
                 read_text(pi);
                 /*read_reduced_text(pi); */
+                if (err_has(&pi->err)) {
+                    attr_stack_cleanup(&attrs);
+                    return 0;
+                }
                 /* to exit read_text with no errors the next character must be < */
                 if ('/' == *(pi->s + 1) &&
                     0 == ((TolerantEffort == pi->options->effort) ? strncasecmp(ename, pi->s + 2, elen)
@@ -734,7 +755,10 @@ static void read_text(PInfo pi) {
             done = 1;
             pi->s--;
             break;
-        case '\0': set_error(&pi->err, "invalid format, document not terminated", pi->str, pi->s); return;
+        case '\0':
+            pi->s--;
+            set_error(&pi->err, "invalid format, document not terminated", pi->str, pi->s);
+            return;
         default:
             if (end <= (b + (('&' == c) ? 7 : 0))) { /* extra 8 for special just in case it is sequence of bytes */
                 unsigned long size;
@@ -1027,6 +1051,10 @@ static char *read_coded_chars(PInfo pi, char *text) {
     for (b = buf, s = pi->s; b < end; b++, s++) {
         *b = *s;
+        if ('\0' == *s) {
+            set_error(&pi->err, "Not terminated coded char.", pi->str, pi->s);
+            return NULL;
+        }
         if (';' == *s) {
             *(b + 1) = '\0';
             blen     = b - buf;
@@ -1034,7 +1062,8 @@ static char *read_coded_chars(PInfo pi, char *text) {
             break;
         }
     }
-    if (b > end) {
+    if (b >= end) {
+        // No terminating ; found in the first 31 bytes after an &.
         *text++ = '&';
     } else if ('#' == *buf) {
         uint64_t u = 0;

data/ext/ox/sax.c CHANGED Viewed

@@ -1496,7 +1496,11 @@ int ox_sax_collapse_special(SaxDrive dr, char *str, long pos, long line, long co
                     c = '&';
                 } else {
                     b = bn;
-                    s = s2 + 1;
+                    if ('\0' != *s2) {
+                        s = s2 + 1;
+                    } else {
+                        s = s2;
+                    }
                     continue;
                 }
             }

data/ext/ox/sax_buf.c CHANGED Viewed

@@ -69,8 +69,8 @@ void ox_sax_buf_init(Buf buf, VALUE io) {
 }
 int ox_sax_buf_read(Buf buf) {
-    int    err;
-    size_t shift = 0;
+    int  err;
+    long shift = 0;
     // if there is not much room to read into, shift or realloc a larger buffer.
     if (buf->head < buf->tail && 4096 > buf->end - buf->tail) {

data/lib/ox/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Ox
   # Current version of the module.
-  VERSION = '2.14.25'
+  VERSION = '2.14.27'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ox
 version: !ruby/object:Gem::Version
-  version: 2.14.25
+  version: 2.14.27
 platform: ruby
 authors:
 - Peter Ohler
@@ -51,7 +51,6 @@ files:
 - ext/ox/err.c
 - ext/ox/err.h
 - ext/ox/extconf.rb
-- ext/ox/foo.h
 - ext/ox/gen_load.c
 - ext/ox/hash_load.c
 - ext/ox/helper.h
@@ -123,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: A fast XML parser and object serializer.
 test_files: []

data/ext/ox/foo.h DELETED Viewed

@@ -1,204 +0,0 @@
-/* sax_buf.h
- * Copyright (c) 2011, Peter Ohler
- * All rights reserved.
- */
-#ifndef OX_SAX_BUF_H
-#define OX_SAX_BUF_H
-#include <stdio.h>
-typedef struct _buf {
-    char  base[0x00001000];
-    char *head;
-    char *end;
-    char *tail;
-    char *read_end; /* one past last character read */
-    char *pro;      /* protection start, buffer can not slide past this point */
-    char *str;      /* start of current string being read */
-    off_t pos;
-    off_t line;
-    off_t col;
-    off_t pro_pos;
-    off_t pro_line;
-    off_t pro_col;
-    int (*read_func)(struct _buf *buf);
-    union {
-        int         fd;
-        VALUE       io;
-        const char *str;
-    } in;
-    struct _saxDrive *dr;
-} *Buf;
-typedef struct _checkPt {
-    off_t pro_dif;
-    off_t pos;
-    off_t line;
-    off_t col;
-    char  c;
-} *CheckPt;
-#define CHECK_PT_INIT {-1, 0, 0, 0, '\0'}
-extern void ox_sax_buf_init(Buf buf, VALUE io);
-extern int  ox_sax_buf_read(Buf buf);
-static inline char buf_get(Buf buf) {
-    // printf("*** drive get from '%s'  from start: %ld  buf: %p  from read_end: %ld\n", buf->tail, buf->tail -
-    // buf->head, buf->head, buf->read_end - buf->tail);
-    if (buf->read_end <= buf->tail) {
-        if (0 != ox_sax_buf_read(buf)) {
-            return '\0';
-        }
-    }
-    if ('\n' == *buf->tail) {
-        buf->line++;
-        buf->col = 0;
-    } else {
-        buf->col++;
-    }
-    buf->pos++;
-    return *buf->tail++;
-}
-static inline void buf_backup(Buf buf) {
-    buf->tail--;
-    buf->col--;
-    buf->pos--;
-    if (0 >= buf->col) {
-        buf->line--;
-        // allow col to be negative since we never backup twice in a row
-    }
-}
-static inline void buf_protect(Buf buf) {
-    buf->pro      = buf->tail;
-    buf->str      = buf->tail;  // can't have str before pro
-    buf->pro_pos  = buf->pos;
-    buf->pro_line = buf->line;
-    buf->pro_col  = buf->col;
-}
-static inline void buf_reset(Buf buf) {
-    buf->tail = buf->pro;
-    buf->pos  = buf->pro_pos;
-    buf->line = buf->pro_line;
-    buf->col  = buf->pro_col;
-}
-/* Starts by reading a character so it is safe to use with an empty or
- * compacted buffer.
- */
-static inline char buf_next_non_white(Buf buf) {
-    char c;
-    while ('\0' != (c = buf_get(buf))) {
-        switch (c) {
-        case ' ':
-        case '\t':
-        case '\f':
-        case '\n':
-        case '\r': break;
-        default: return c;
-        }
-    }
-    return '\0';
-}
-/* Starts by reading a character so it is safe to use with an empty or
- * compacted buffer.
- */
-static inline char buf_next_white(Buf buf) {
-    char c;
-    while ('\0' != (c = buf_get(buf))) {
-        switch (c) {
-        case ' ':
-        case '\t':
-        case '\f':
-        case '\n':
-        case '\r':
-        case '\0': return c;
-        default: break;
-        }
-    }
-    return '\0';
-}
-static inline void buf_cleanup(Buf buf) {
-    if (buf->base != buf->head && 0 != buf->head) {
-        xfree(buf->head);
-        buf->head = 0;
-    }
-}
-static inline int is_white(char c) {
-    switch (c) {
-    case ' ':
-    case '\t':
-    case '\f':
-    case '\n':
-    case '\r': return 1;
-    default: break;
-    }
-    return 0;
-}
-static inline void buf_checkpoint(Buf buf, CheckPt cp) {
-    cp->pro_dif = (int)(buf->tail - buf->pro);
-    cp->pos     = buf->pos;
-    cp->line    = buf->line;
-    cp->col     = buf->col;
-    cp->c       = *(buf->tail - 1);
-}
-static inline int buf_checkset(CheckPt cp) {
-    return (0 <= cp->pro_dif);
-}
-static inline char buf_checkback(Buf buf, CheckPt cp) {
-    buf->tail = buf->pro + cp->pro_dif;
-    buf->pos  = cp->pos;
-    buf->line = cp->line;
-    buf->col  = cp->col;
-    return cp->c;
-}
-static inline void buf_collapse_return(char *str) {
-    char *s    = str;
-    char *back = str;
-    for (; '\0' != *s; s++) {
-        if (back != str && '\n' == *s && '\r' == *(back - 1)) {
-            *(back - 1) = '\n';
-        } else {
-            *back++ = *s;
-        }
-    }
-    *back = '\0';
-}
-static inline void buf_collapse_white(char *str) {
-    char *s    = str;
-    char *back = str;
-    for (; '\0' != *s; s++) {
-        switch (*s) {
-        case ' ':
-        case '\t':
-        case '\f':
-        case '\n':
-        case '\r':
-            if (back == str || ' ' != *(back - 1)) {
-                *back++ = ' ';
-            }
-            break;
-        default: *back++ = *s; break;
-        }
-    }
-    *back = '\0';
-}
-#endif /* OX_SAX_BUF_H */