Bug #18728 (closed)
Segfault since ruby 3.0.4 when parsing JSON
Description
This is a regression since 3.0.4. When parsing a JSON with an empty string as a key ruby segfaults.
Reproduction steps:
require "json"
puts JSON.parse('{ "": "foo" }')
leads to
RSTRING_PTR is returning NULL!! SIGSEGV is highly expected to follow immediately. If you could reproduce, attach your debugger here, and look at the passed string.
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216: [BUG] Segmentation fault at 0x0000000000000000
ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [x86_64-darwin21]
-- Crash Report log information --------------------------------------------
See Crash Report log file under the one of following:
* ~/Library/Logs/DiagnosticReports
* /Library/Logs/DiagnosticReports
for more details.
Don't forget to include the above Crash Report log file in bug reports.
-- Control frame information -----------------------------------------------
c:0004 p:---- s:0017 e:000016 CFUNC :parse
c:0003 p:0027 s:0013 e:000012 METHOD /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216
c:0002 p:0020 s:0007 e:000005 EVAL test.rb:3 [FINISH]
c:0001 p:0000 s:0003 E:002000 (none) [FINISH]
-- Ruby level backtrace information ----------------------------------------
test.rb:3:in `<main>'
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216:in `parse'
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216:in `parse'
The same script completes in ruby 3.0.3 and prior.
I also opened an issue with the json gem (https://github.com/flori/json/issues/495), but as it broke with the ruby update it seems to be a bug in ruby itself?
Updated by peterzhu2118 (Peter Zhu) about 3 years ago
- Status changed from Open to Third Party's Issue
Thank you for the report. The script works fine on Ruby's builtin JSON gem. I can reproduce the crash when I install flori/json. From the stack trace generated, the crash originates from the C extension binary in flori/json, so it's likely a bug in flori/json.
If, through further debugging, you find bugs in the Ruby C API, please open a separate issue for that.
Updated by jeremyevans0 (Jeremy Evans) about 3 years ago
The underlying issue is that rb_utf8_str_new and rb_str_new will accept a NULL pointer, where rb_enc_interned_str crashes on a NULL pointer. I'm not sure that is a bug in Ruby, but at least it is an inconsistency. The json gem was passing a NULL pointer for empty strings previously, and when they switched to using rb_enc_interned_str, that's when these crashes started happening.
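The pattern Jeremy describes is easy to model outside Ruby. The following is an added example, not code from Ruby or from the json gem: a toy string constructor and a toy interning table in plain C, where the caller encodes an empty string as the pair (NULL, 0). A constructor that only copies `len` bytes happens to tolerate that pair, while an interning routine that hashes or compares the bytes before checking the pointer would dereference NULL. Both entry points here (hypothetical names `new_str`, `intern_str`, `normalize_slice`) normalize the slice at the API boundary, which is the check a C extension author would want regardless of which core API tolerates NULL. The inputs in `main` are constructed for the demonstration.

```c
/* Added example, not code from the json gem or from Ruby. It models the
 * inconsistency described in the thread: a plain string constructor next to
 * an interning table, both receiving (ptr, len) slices from a parser that
 * represents an empty token as (NULL, 0). All names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define BUCKETS 64

typedef struct istr {
    char *ptr;          /* NUL-terminated copy, never NULL */
    size_t len;
    struct istr *next;  /* chaining within one hash bucket */
} istr_t;

static istr_t *buckets[BUCKETS];

/* Boundary check every entry point runs first. (NULL, 0) is rewritten to
 * ("", 0); NULL with a non-zero length is malformed and is rejected.
 * Returns 0 on success, -1 if the slice is malformed. */
static int normalize_slice(const char **ptr, size_t len)
{
    if (*ptr == NULL) {
        if (len != 0)
            return -1;
        *ptr = "";
    }
    return 0;
}

/* FNV-1a over [ptr, ptr+len). Safe only because the slice was normalized;
 * called on a raw (NULL, 0) it would not read, but on (NULL, n>0) it would. */
static uint64_t fnv1a(const char *ptr, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)ptr[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Counterpart of a plain constructor: copies len bytes into fresh storage.
 * memcpy with a NULL source is undefined even when len == 0, so the copy is
 * skipped for empty input rather than relying on libc leniency. */
istr_t *new_str(const char *ptr, size_t len)
{
    if (normalize_slice(&ptr, len) != 0)
        return NULL;
    istr_t *s = malloc(sizeof *s);
    if (s == NULL)
        return NULL;
    s->ptr = malloc(len + 1);
    if (s->ptr == NULL) {
        free(s);
        return NULL;
    }
    if (len > 0)
        memcpy(s->ptr, ptr, len);
    s->ptr[len] = '\0';
    s->len = len;
    s->next = NULL;
    return s;
}

/* Counterpart of an interning routine: returns the one canonical object for a
 * byte sequence. A version that hashed or compared before normalizing is
 * exactly where the (NULL, 0) convention turns into a SIGSEGV. */
istr_t *intern_str(const char *ptr, size_t len)
{
    if (normalize_slice(&ptr, len) != 0)
        return NULL;
    size_t b = (size_t)(fnv1a(ptr, len) % BUCKETS);
    for (istr_t *s = buckets[b]; s != NULL; s = s->next)
        if (s->len == len && memcmp(s->ptr, ptr, len) == 0)
            return s;
    istr_t *s = new_str(ptr, len);
    if (s == NULL)
        return NULL;
    s->next = buckets[b];
    buckets[b] = s;
    return s;
}

int main(void)
{
    /* Constructed inputs: the empty key from the report, encoded both ways. */
    istr_t *a = intern_str(NULL, 0);
    istr_t *b = intern_str("", 0);
    istr_t *c = intern_str("foo", 3);
    if (a == NULL || b == NULL || c == NULL)
        return 1;
    printf("(NULL,0) and (\"\",0) intern to the same object: %s\n", a == b ? "yes" : "no");
    printf("interned empty string has len %zu\n", a->len);
    printf("(NULL,3) is rejected: %s\n", intern_str(NULL, 3) == NULL ? "yes" : "no");
    return 0;
}
```

The point of `normalize_slice` is that it is the only place the NULL convention is interpreted; every routine that later touches the bytes (hashing, `memcmp`, `memcpy`) can then assume a valid pointer. A caller-side fix in the spirit of the thread would be to never hand (NULL, 0) to any foreign string API and pass a pointer to an empty buffer instead, since which APIs happen to tolerate NULL is an implementation detail that can change between releases.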