From: Nobuyoshi Nakada <nobu@...>
Date: 2011-08-09T11:23:22+09:00
Subject: [ruby-core:38867] [Ruby 1.9 - Bug #5173] [PATCH] json/generator: prevent GC of temporary strings


Issue #5173 has been updated by Nobuyoshi Nakada.


=begin
The implementation of json/generator seems quite naive.
I found a couple of severe bugs in several minutes.

  $ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
  -e:1: [BUG] Bus Error

  $ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
  -e:0: stack level too deep (SystemStackError)

Anyway, JSON issues need to be reported to the upstream.
=end

----------------------------------------
Bug #5173: [PATCH] json/generator: prevent GC of temporary strings
http://redmine.ruby-lang.org/issues/5173

Author: Eric Wong
Status: Open
Priority: Normal
Assignee: 
Category: ext
Target version: 1.9.x
ruby -v: ruby 1.9.4dev (2011-08-07 trunk 32885) [x86_64-linux]


ext/json/generator/generator.c: prevent GC of temporary strings

We need to guard temporary strings from being collected while we
append to the JSON buffer (which may allocate memory).  The
RSTRING_PAIR macro is dangerous since it preserves no pointer to
the original string VALUE, allowing GC to reap the object while
we're still using the (C) string pointer.

The included test case shows data corruption with large
Bignums without this fix.


If you prefer git pull: git pull git://bogomips.org/ruby json-gc-guard



-- 
http://redmine.ruby-lang.org