ox 2.9.3 → 2.9.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2ed84d3d4fbc1ce7e736c41db72f0be81b54e647916ec7904d3ed8bde7a9f3c0
-  data.tar.gz: d8b315fcbadfa83b886cf99ef1273da41511ce2633a2fae01ed9fb5f1a8ac872
+  metadata.gz: 9c220a3c8bc6e3606d936684b2cdde97146131cdee936c9a66bc8c4ce0473b90
+  data.tar.gz: 96e146a36eff4184918913f27cffb23a81de87835b14c4b30be612d13fb385b8
 SHA512:
-  metadata.gz: b86eb6d808f3a3f0dd373082060c838cf829ca15f2d41d64df7a15f6014d4401019e45d39b564f1dade27f328c165792776692f361f4d95f955da1160c1db016
-  data.tar.gz: a8262ff6dc805641118dd60691d80da5ac8bd23efd69274c1807feb94f3ddde1da1bfecbc538a2a62e06f02a242384629393fb42216875e57f5aebabd3e902b9
+  metadata.gz: 1b61e28ecced2336af416e61907c9f4b279c6f7b37df75a8d73a449fda4aac7ba62583255ba2b136f05286f69f840734d5bdd8573da5f11393106c3e6bd082c2
+  data.tar.gz: 703e1df77bb2da424be80c9f0491f57bf021ee312add658062c0c6fe736429fab3fe589a273cf32646ca331ec4e21c435fa51d4bfa2c8cedbc560f7e1b9f69ed

data/CHANGELOG.md

@@ -1,4 +1,8 @@
 
+## 2.9.4 - July 16, 2018
+
+  - Fixed issue with malformed object mode input.
+
 ## 2.9.3 - June 12, 2018
 
   - Handle `\0` in dumped strings better.

data/ext/ox/dump.c

@@ -1270,6 +1270,7 @@ dump_obj_to_xml(VALUE obj, Options copts, Out out) {
     out->circ_cnt = 0;
     out->opts = copts;
     out->obj = obj;
+    *out->cur = '\0';
     if (Yes == copts->circular) {
 	ox_cache8_new(&out->circ_cache);
     }

data/ext/ox/obj_load.c

@@ -24,7 +24,7 @@ static VALUE	parse_xsd_time(const char *text, VALUE clas);
 static VALUE	parse_double_time(const char *text, VALUE clas);
 static VALUE	parse_regexp(const char *text);
 
-static VALUE		get_var_sym_from_attrs(Attr a, void *encoding);
+static ID		get_var_sym_from_attrs(Attr a, void *encoding);
 static VALUE		get_obj_from_attrs(Attr a, PInfo pi, VALUE base_class);
 static VALUE		get_class_from_attrs(Attr a, PInfo pi, VALUE base_class);
 static VALUE		classname2class(const char *name, PInfo pi, VALUE base_class);
@@ -76,7 +76,7 @@ str2sym(const char *str, void *encoding) {
 inline static ID
 name2var(const char *name, void *encoding) {
     VALUE	*slot;
-    ID		var_id;
+    ID		var_id = 0;
 
     if ('0' <= *name && *name <= '9') {
 	var_id = INT2NUM(atoi(name));
@@ -194,7 +194,6 @@ parse_time(const char *text, VALUE clas) {
 	Qnil == (t = parse_xsd_time(text, clas))) {
 	VALUE	    args[1];
 
-	/*printf("**** time parse\n"); */
 	*args = rb_str_new2(text);
 	t = rb_funcall2(ox_time_class, ox_parse_id, 1, args);
     }
@@ -236,14 +235,14 @@ classname2class(const char *name, PInfo pi, VALUE base_class) {
     return clas;
 }
 
-static VALUE
+static ID
 get_var_sym_from_attrs(Attr a, void *encoding) {
     for (; 0 != a->name; a++) {
 	if ('a' == *a->name && '\0' == *(a->name + 1)) {
 	    return name2var(a->value, encoding);
 	}
     }
-    return Qundef;
+    return 0;
 }
 
 static VALUE
@@ -544,7 +543,7 @@ add_text(PInfo pi, char *text, int closed) {
 	break;
     case BigDecimalCode:
 #if HAS_BIGDECIMAL
-	h->obj = rb_funcall(ox_bigdecimal_class, ox_new_id, 1, rb_str_new2(text));
+	h->obj = rb_funcall(rb_cObject, ox_bigdecimal_id, 1, rb_str_new2(text));
 #else
 	h->obj = Qnil;
 #endif
@@ -646,7 +645,7 @@ add_element(PInfo pi, const char *ename, Attr attrs, int hasChildren) {
 	break;
     case RawCode:
 	if (hasChildren) {
-	    h->obj = ox_parse(pi->s, ox_gen_callbacks, &pi->s, pi->options, &pi->err);
+	    h->obj = ox_parse(pi->s, pi->end - pi->s, ox_gen_callbacks, &pi->s, pi->options, &pi->err);
 	    if (0 != pi->circ_array) {
 		circ_array_set(pi->circ_array, h->obj, get_id_from_attrs(pi, attrs));
 	    }
@@ -730,6 +729,10 @@ end_element(PInfo pi, const char *ename) {
 	    /* special catch for empty strings */
 	    h->obj = rb_str_new2("");
 	}
+	if (Qundef == h->obj) {
+	    set_error(&pi->err, "Invalid element for object mode", pi->str, pi->s);
+	    return;
+	}
 	pi->obj = h->obj;
 	if (0 != ph) {
 	    switch (ph->type) {
@@ -739,11 +742,19 @@ end_element(PInfo pi, const char *ename) {
 	    case ExceptionCode:
 	    case ObjectCode:
 		if (Qnil != ph->obj) {
+		    if (0 == h->var) {
+			set_error(&pi->err, "Invalid element for object mode", pi->str, pi->s);
+			return;
+		    }
 		    rb_ivar_set(ph->obj, h->var, h->obj);
 		}
 		break;
 	    case StructCode:
 #if HAS_RSTRUCT
+		if (0 == h->var) {
+		    set_error(&pi->err, "Invalid element for object mode", pi->str, pi->s);
+		    return;
+		}
 		rb_struct_aset(ph->obj, h->var, h->obj);
 #else
 		set_error(&pi->err, "Ruby structs not supported with this verion of Ruby", pi->str, pi->s);
@@ -776,7 +787,7 @@ end_element(PInfo pi, const char *ename) {
 		    Helper	gh;
 
 		    helper_stack_pop(&pi->helpers);
-		    if (NULL == (gh = helper_stack_peek(&pi->helpers))) {
+		    if (NULL == (gh = helper_stack_peek(&pi->helpers)) || Qundef == ph->obj || Qundef == h->obj) {
 			set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
 			return;
 		    }
@@ -795,11 +806,19 @@ end_element(PInfo pi, const char *ename) {
 		return;
 #endif
 		break;
-	    case RationalCode:
+	    case RationalCode: {
+		if (Qundef == h->obj || RUBY_T_FIXNUM != rb_type(h->obj)) {
+		    set_error(&pi->err, "Invalid object format", pi->str, pi->s);
+		    return;
+		}
 #ifdef T_RATIONAL
 		if (Qundef == ph->obj) {
 		    ph->obj = h->obj;
 		} else {
+		    if (Qundef == ph->obj || RUBY_T_FIXNUM != rb_type(h->obj)) {
+			set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
+			return;
+		    }
 #ifdef RUBINIUS_RUBY
 		    ph->obj = rb_Rational(ph->obj, h->obj);
 #else
@@ -811,6 +830,7 @@ end_element(PInfo pi, const char *ename) {
 		return;
 #endif
 		break;
+	    }
 	    default:
 		set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
 		return;
@@ -948,7 +968,7 @@ debug_stack(PInfo pi, const char *comment) {
 
 		clas = rb_class2name(c);
 	    }
-	    if (Qundef != h->var) {
+	    if (0 != h->var) {
 		if (HashCode == h->type) {
 		    VALUE	v;
 		    

data/ext/ox/ox.c

@@ -39,6 +39,7 @@ ID	ox_attr_value_id;
 ID	ox_attributes_id;
 ID	ox_attrs_done_id;
 ID	ox_beg_id;
+ID	ox_bigdecimal_id;
 ID	ox_cdata_id;
 ID	ox_comment_id;
 ID	ox_den_id;
@@ -645,7 +646,7 @@ to_obj(VALUE self, VALUE ruby_xml) {
 #if HAS_GC_GUARD
     rb_gc_disable();
 #endif
-    obj = ox_parse(xml, ox_obj_callbacks, 0, &options, &err);
+    obj = ox_parse(xml, len - 1, ox_obj_callbacks, 0, &options, &err);
     if (SMALL_XML < len) {
 	xfree(xml);
     }
@@ -686,7 +687,7 @@ to_gen(VALUE self, VALUE ruby_xml) {
 	xml = ALLOCA_N(char, len);
     }
     memcpy(xml, x, len);
-    obj = ox_parse(xml, ox_gen_callbacks, 0, &options, &err);
+    obj = ox_parse(xml, len - 1, ox_gen_callbacks, 0, &options, &err);
     if (SMALL_XML < len) {
 	xfree(xml);
     }
@@ -697,7 +698,7 @@ to_gen(VALUE self, VALUE ruby_xml) {
 }
 
 static VALUE
-load(char *xml, int argc, VALUE *argv, VALUE self, VALUE encoding, Err err) {
+load(char *xml, size_t len, int argc, VALUE *argv, VALUE self, VALUE encoding, Err err) {
     VALUE		obj;
     struct _Options	options = ox_default_options;
 
@@ -838,29 +839,29 @@ load(char *xml, int argc, VALUE *argv, VALUE self, VALUE encoding, Err err) {
 #if HAS_GC_GUARD
 	rb_gc_disable();
 #endif
-	obj = ox_parse(xml, ox_obj_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_obj_callbacks, 0, &options, err);
 #if HAS_GC_GUARD
 	RB_GC_GUARD(obj);
 	rb_gc_enable();
 #endif
 	break;
     case GenMode:
-	obj = ox_parse(xml, ox_gen_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_gen_callbacks, 0, &options, err);
 	break;
     case LimMode:
-	obj = ox_parse(xml, ox_limited_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_limited_callbacks, 0, &options, err);
 	break;
     case HashMode:
-	obj = ox_parse(xml, ox_hash_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_hash_callbacks, 0, &options, err);
 	break;
     case HashNoAttrMode:
-	obj = ox_parse(xml, ox_hash_no_attrs_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_hash_no_attrs_callbacks, 0, &options, err);
 	break;
     case NoMode:
-	obj = ox_parse(xml, ox_nomode_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_nomode_callbacks, 0, &options, err);
 	break;
     default:
-	obj = ox_parse(xml, ox_gen_callbacks, 0, &options, err);
+	obj = ox_parse(xml, len, ox_gen_callbacks, 0, &options, err);
 	break;
     }
     return obj;
@@ -920,7 +921,8 @@ load_str(int argc, VALUE *argv, VALUE self) {
     encoding = Qnil;
 #endif
     memcpy(xml, StringValuePtr(*argv), len);
-    obj = load(xml, argc - 1, argv + 1, self, encoding, &err);
+    xml[len - 1] = '\0';
+    obj = load(xml, len - 1, argc - 1, argv + 1, self, encoding, &err);
     if (SMALL_XML < len) {
 	xfree(xml);
     }
@@ -980,7 +982,7 @@ load_file(int argc, VALUE *argv, VALUE self) {
 	obj = Qnil;
     } else {
 	xml[len] = '\0';
-	obj = load(xml, argc - 1, argv + 1, self, Qnil, &err);
+	obj = load(xml, len, argc - 1, argv + 1, self, Qnil, &err);
     }
     fclose(f);
     if (SMALL_XML < len) {
@@ -1376,6 +1378,7 @@ void Init_ox() {
     ox_attributes_id = rb_intern("@attributes");
     ox_attrs_done_id = rb_intern("attrs_done");
     ox_beg_id = rb_intern("@beg");
+    ox_bigdecimal_id = rb_intern("BigDecimal");
     ox_cdata_id = rb_intern("cdata");
     ox_comment_id = rb_intern("comment");
     ox_den_id = rb_intern("@den");

data/ext/ox/ox.h

@@ -156,17 +156,18 @@ typedef struct _Options {
 struct _PInfo {
     struct _HelperStack	helpers;
     struct _Err		err;
-    char		*str;		/* buffer being read from */
-    char		*s;		/* current position in buffer */
+    char		*str;		//buffer being read from
+    char		*end;		// end of original string
+    char		*s;		// current position in buffer
     VALUE		obj;
     ParseCallbacks	pcb;
     CircArray		circ_array;
-    unsigned long	id;		/* set for text types when cirs_array is set */
+    unsigned long	id;		//set for text types when cirs_array is set
     Options		options;
-    char		last;		/* last character read, rarely set */
+    char		last;		// last character read, rarely set
 };
 
-extern VALUE	ox_parse(char *xml, ParseCallbacks pcb, char **endp, Options options, Err err);
+extern VALUE	ox_parse(char *xml, size_t len, ParseCallbacks pcb, char **endp, Options options, Err err);
 extern void	_ox_raise_error(const char *msg, const char *xml, const char *current, const char* file, int line);
 
 extern void	ox_sax_define(void);
@@ -190,6 +191,7 @@ extern ID	ox_attr_value_id;
 extern ID	ox_attrs_done_id;
 extern ID	ox_attributes_id;
 extern ID	ox_beg_id;
+extern ID	ox_bigdecimal_id;
 extern ID	ox_cdata_id;
 extern ID	ox_comment_id;
 extern ID	ox_den_id;

data/ext/ox/parse.c

@@ -108,7 +108,7 @@ mark_pi_cb(void *ptr) {
 }
 
 VALUE
-ox_parse(char *xml, ParseCallbacks pcb, char **endp, Options options, Err err) {
+ox_parse(char *xml, size_t len, ParseCallbacks pcb, char **endp, Options options, Err err) {
     struct _PInfo	pi;
     int			body_read = 0;
     int			block_given = rb_block_given_p();
@@ -128,6 +128,7 @@ ox_parse(char *xml, ParseCallbacks pcb, char **endp, Options options, Err err) {
 
     err_init(&pi.err);
     pi.str = xml;
+    pi.end = pi.str + len;
     pi.s = xml;
     pi.pcb = pcb;
     pi.obj = Qnil;
@@ -456,6 +457,9 @@ read_element(PInfo pi) {
     /* read attribute names until the close (/ or >) is reached */
     while (!done) {
 	if ('\0' == c) {
+	    if (pi->end <= pi->s) {
+		break;
+	    }
 	    next_non_white(pi);
 	    c = *pi->s;
 	}
@@ -485,6 +489,7 @@ read_element(PInfo pi) {
 	    hasChildren = 1;
 	    done = 1;
 	    pi->pcb->add_element(pi, ename, attrs.head, hasChildren);
+	    
 	    break;
 	default:
 	    /* Attribute name so it's an element and the attribute will be */

data/lib/ox/version.rb

@@ -1,5 +1,5 @@
 
 module Ox
-  # Current version of the module. 
-  VERSION = '2.9.3'
+  # Current version of the module.
+  VERSION = '2.9.4'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ox
 version: !ruby/object:Gem::Version
-  version: 2.9.3
+  version: 2.9.4
 platform: ruby
 authors:
 - Peter Ohler
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-12 00:00:00.000000000 Z
+date: 2018-07-16 00:00:00.000000000 Z
 dependencies: []
 description: "A fast XML parser and object serializer that uses only standard C lib.\n
   \           \nOptimized XML (Ox), as the name implies was written to provide speed