Bug #5173

[PATCH] json/generator: prevent GC of temporary strings

Added by Eric Wong almost 4 years ago. Updated over 3 years ago.

[ruby-core:38866]
Status:Closed
Priority:Normal
Assignee:-
ruby -v: ruby 1.9.4dev (2011-08-07 trunk 32885) [x86_64-linux]
Backport:

Description

ext/json/generator/generator.c: prevent GC of temporary strings

We need to guard temporary strings from being collected while we
append to the JSON buffer (which may allocate memory). The
RSTRING_PAIR macro is dangerous since it preserves no pointer to
the original string VALUE, allowing GC to reap the object while
we're still using the (C) string pointer.

The included test case shows data corruption with large
Bignums without this fix.

If you prefer git pull: git pull git://bogomips.org/ruby json-gc-guard

0001-ext-json-generator-generator.c-prevent-GC-for-tempor.patch (3.64 KB) Eric Wong, 08/09/2011 10:45 AM
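The report says the bug shows up as corrupted output for large Bignums: the generator converts the number with `to_s`, keeps only the raw C pointer and length of that temporary String, and then appends to a buffer that may allocate and trigger GC, so the String can be reclaimed mid-copy. The following Ruby regression check is an added example, not the patch's own test case and not part of this issue; it round-trips a constructed large Bignum through the JSON generator with `GC.stress` enabled, which forces a collection on nearly every allocation and makes a missing GC guard far more likely to surface as a mismatch. The function name, the bit size and the iteration count are choices made here.

```ruby
require 'json'

# Constructed regression check (not the patch's test): serialise a large
# Bignum while the GC is under stress and confirm the digits survive the
# round trip. If the temporary String holding the digits is collected while
# its C pointer is still being appended to the output buffer, the emitted
# text is corrupted and the parsed value no longer equals the original.
def bignum_json_roundtrip_ok?(bits: 2048, iterations: 10)
  value = (1 << bits) + 12345   # constructed sample input: a large Bignum
  expected = "[#{value}]"       # exact JSON text we expect the generator to emit
  old_stress = GC.stress
  GC.stress = true              # collect on (nearly) every allocation
  begin
    iterations.times do
      json = JSON.generate([value])         # Bignum -> to_s -> buffer append
      return false unless json == expected   # digits must be intact
      return false unless JSON.parse(json).first == value
    end
  ensure
    GC.stress = old_stress      # always restore the previous setting
  end
  true
end

if __FILE__ == $0
  puts(bignum_json_roundtrip_ok? ? "ok: no corruption observed" : "FAIL: Bignum output corrupted")
end
```

Run it against a build of the extension with and without the guard; a false result under `GC.stress` is the symptom the patch description refers to, while a true result only means the corruption was not provoked in this run, since GC timing is not deterministic.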

Associated revisions

Revision 33122
Added by Yui NARUSE over 3 years ago

  • ext/json: Merge json gem 1.5.4+ (2149f4185c598fb97db1). [Bug #5173]

History

#1 Updated by Nobuyoshi Nakada almost 4 years ago

=begin
The implementation of json/generator seems quite naive.
I found a couple of severe bugs in several minutes.

$ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
-e:1: [BUG] Bus Error

$ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
-e:0: stack level too deep (SystemStackError)

Anyway, JSON issues need to be reported to the upstream.
=end

#2 Updated by Yui NARUSE almost 4 years ago

Nobuyoshi Nakada wrote:

> Anyway, JSON issues need to be reported to the upstream.

The upstream is https://github.com/flori/json

#3 Updated by Eric Wong almost 4 years ago

Nobuyoshi Nakada nobu@ruby-lang.org wrote:

> The implementation of json/generator seems quite naive.

Yeah :< I don't know why any of the fbuffer code exists since rb_str_*
provides that functionality already...

> $ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
> -e:1: [BUG] Bus Error

I made it raise TypeError in
http://bogomips.org/ruby-json.git/commit/?id=40869aa9fc8ab194813b8

> $ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
> -e:0: stack level too deep (SystemStackError)

Haven't gotten to this one, yet. Can you fix or report? Maybe I'll
have time tomorrow...

> Anyway, JSON issues need to be reported to the upstream.

I've ported the changes to the standalone json gem and
updated https://github.com/flori/json/issues/46 with links
to my repos.

--
Eric Wong

#4 Updated by Yui NARUSE over 3 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r33122.
Eric, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

  • ext/json: Merge json gem 1.5.4+ (2149f4185c598fb97db1). [Bug #5173]