From: Nobuyoshi Nakada
Date: 2011-08-09T11:23:22+09:00
Subject: [ruby-core:38867] [Ruby 1.9 - Bug #5173] [PATCH] json/generator: prevent GC of temporary strings

Issue #5173 has been updated by Nobuyoshi Nakada.

=begin
The implementation of json/generator seems quite naive. I found a couple of severe bugs in several minutes.

  $ ./ruby -rjson -e 'class Bignum;def to_s;end;end; p JSON::Ext::Generator::State.new.generate(1<<64)'
  -e:1: [BUG] Bus Error

  $ ./ruby -rjson -e 'class << (a = ""); def to_s;self;end; undef to_json; end; p JSON::Ext::Generator::State.new.generate(a)'
  -e:0: stack level too deep (SystemStackError)

Anyway, JSON issues need to be reported to the upstream.
=end

----------------------------------------
Bug #5173: [PATCH] json/generator: prevent GC of temporary strings
http://redmine.ruby-lang.org/issues/5173

Author: Eric Wong
Status: Open
Priority: Normal
Assignee:
Category: ext
Target version: 1.9.x
ruby -v: ruby 1.9.4dev (2011-08-07 trunk 32885) [x86_64-linux]

ext/json/generator/generator.c: prevent GC of temporary strings

We need to guard temporary strings from being collected while we append to the JSON buffer (which may allocate memory). The RSTRING_PAIR macro is dangerous since it preserves no pointer to the original string VALUE, allowing GC to reap the object while we're still using the (C) string pointer.

The included test case shows data corruption with large Bignums without this fix.

If you prefer git pull:

  git pull git://bogomips.org/ruby json-gc-guard

--
http://redmine.ruby-lang.org
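The hazard Eric Wong describes above, modelled as a stand-alone C example added here (this is not Ruby's GC, not the json generator's code, and not part of the thread): the allocator, the root list, the gc_guard stand-in for a GC guard and the generate routine are all constructed for the demonstration. Taking only the raw pointer/length pair from a temporary string and then allocating lets a collection sweep that string first; keeping the VALUE rooted until the copy is finished is the guard the patch title refers to.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model of the hazard in bug #5173 (example code, not Ruby's GC or the json
 * generator): a VALUE is a string object, every allocation may run a collection
 * (as rb_str_* may in the extension), and a collection wipes unrooted objects. */
typedef struct strobj { char *ptr; long len; int live; } *VALUE;
#define HEAP_SLOTS 16
static struct strobj heap[HEAP_SLOTS]; static VALUE roots[HEAP_SLOTS]; static int nroots;

/* Stand-in for RB_GC_GUARD (which pins the VALUE in a scanned stack slot): keeps v rooted. */
static void gc_guard(VALUE v) { roots[nroots++] = v; }
static void gc_unguard(void)  { nroots--; }

static void gc_collect(void) {
  for (int i = 0; i < HEAP_SLOTS; i++) {
    int rooted = 0;
    for (int r = 0; r < nroots; r++) rooted |= (roots[r] == &heap[i]);
    if (heap[i].live && !rooted) {  /* swept: poison instead of free() so the */
      memset(heap[i].ptr, '#', (size_t)heap[i].len); /* damage is observable */
      heap[i].live = 0;
    }
  }
}

static VALUE str_new(const char *s) {
  gc_collect();                     /* any allocation may trigger a collection */
  for (int i = 0; i < HEAP_SLOTS; i++)
    if (!heap[i].live) {
      size_t sz = strlen(s) + 1;
      heap[i].ptr = malloc(sz);     /* swept buffers are leaked on purpose here */
      if (!heap[i].ptr) return NULL;
      memcpy(heap[i].ptr, s, sz);
      heap[i].len = (long)sz - 1; heap[i].live = 1;
      return &heap[i];
    }
  return NULL;
}

/* The generator's pattern: call to_s, keep only the raw pointer/length pair (as
 * RSTRING_PAIR does), grow the output buffer (an allocation), then copy from the
 * pointer. Returns the bytes that ended up in the output buffer. */
static const char *generate(const char *digits, int guarded) {
  static char out[64];
  VALUE tmp = str_new(digits);      /* the temporary to_s string */
  if (!tmp || tmp->len >= (long)sizeof out) return NULL;
  if (guarded) gc_guard(tmp);
  const char *p = tmp->ptr; long n = tmp->len;
  (void)str_new("[");               /* buffer growth allocates -> may collect */
  memcpy(out, p, (size_t)n); out[n] = '\0'; /* reads p after the collection */
  if (guarded) gc_unguard();
  return out;
}
```

With the digits of 1<<64 as input, the unguarded call returns twenty poison bytes in place of the number while the guarded call returns it intact, which is the corruption the included test case is described as showing.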