Project

General

Profile

Actions
Copy link

Bug #5173

closed

[PATCH] json/generator: prevent GC of temporary strings

Added by normalperson (Eric Wong) over 12 years ago. Updated over 12 years ago.

Status:
Closed
Assignee:
-
Target version:
2.0.0
ruby -v:
ruby 1.9.4dev (2011-08-07 trunk 32885) [x86_64-linux]
Backport:
[ruby-core:38866]

Description

ext/json/generator/generator.c: prevent GC of temporary strings

We need to guard temporary strings from being collected while we
append to the JSON buffer (which may allocate memory). The
RSTRING_PAIR macro is dangerous since it preserves no pointer to
the original string VALUE, allowing GC to reap the object while
we're still using the (C) string pointer.

The included test case shows data corruption with large
Bignums without this fix.

If you prefer git pull: git pull git://bogomips.org/ruby json-gc-guard

Files

0001-ext-json-generator-generator.c-prevent-GC-for-tempor.patch (3.64 KB) 0001-ext-json-generator-generator.c-prevent-GC-for-tempor.patch normalperson (Eric Wong), 08/09/2011 10:45 AM
Actions
Copy link
 #1 [ruby-core:38867]

Updated by nobu (Nobuyoshi Nakada) over 12 years ago

=begin
The implementation of json/generator seems quite naive.
I found a couple of severe bugs in several minutes.

$ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
-e:1: [BUG] Bus Error

$ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
-e:0: stack level too deep (SystemStackError)

Anyway, JSON issues need to be reported to the upstream.
=end

Actions
Copy link
 #2 [ruby-core:38868]

Updated by naruse (Yui NARUSE) over 12 years ago

Nobuyoshi Nakada wrote:

Anyway, JSON issues need to be reported to the upstream.

The upstream is https://github.com/flori/json

Actions
Copy link
 #3 [ruby-core:38869]

Updated by normalperson (Eric Wong) over 12 years ago

Nobuyoshi Nakada wrote:

=begin
The implementation of json/generator seems quite naive.

Yeah :< I don't know why any of the fbuffer code exists since rb_str_*
provides that functionality already...

$ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
-e:1: [BUG] Bus Error

I made it raise TypeError in
http://bogomips.org/ruby-json.git/commit/?id=40869aa9fc8ab194813b8

$ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
-e:0: stack level too deep (SystemStackError)

Haven't gotten to this one, yet. Can you fix or report? Maybe I'll
have time tomorrow...

Anyway, JSON issues need to be reported to the upstream.

I've ported the changes to the standalone json gem and
updated https://github.com/flori/json/issues/46 with links
to my repos.

--
Eric Wong

Actions
Copy link
 #4

Updated by naruse (Yui NARUSE) over 12 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r33122.
Eric, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0