From: Olga Arkhangelskaia <arkholga@tarantool.org> To: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH] json: fix silent change of global json settings Date: Mon, 10 Feb 2020 10:57:07 +0300 [thread overview] Message-ID: <20200210075707.86953-1-arkholga@tarantool.org> (raw) When json.decode is used with 2 arguments, 2nd argument seeps out to global json settings. Morover, due to current serialier.cfg implementation it remains invisible while checking settings by json.cfg. To prevent sucj behaviour we stop writing to global serializer struct and use local one, to get one-time action. As was mention before json.cfg can not be trusted in this case, so to check that everything remained unchanged we call decode twice with and without 2nd argument. Closes #4761 --- Issue:https://github.com/tarantool/tarantool/issues/4761 Branch:https://github.com/tarantool/tarantool/tree/OKriw/gh-4761-json.decode-silently-changes-config-when-used-with-config-settings test/app-tap/json.test.lua | 7 ++++++- third_party/lua-cjson/lua_cjson.c | 10 +++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/test/app-tap/json.test.lua b/test/app-tap/json.test.lua index fadfc74ec..a6b36ff3d 100755 --- a/test/app-tap/json.test.lua +++ b/test/app-tap/json.test.lua @@ -22,7 +22,7 @@ end tap.test("json", function(test) local serializer = require('json') - test:plan(40) + test:plan(41) test:test("unsigned", common.test_unsigned, serializer) test:test("signed", common.test_signed, serializer) @@ -94,6 +94,11 @@ tap.test("json", function(test) 'error: too many nested data structures') test:is(serializer.cfg.decode_max_depth, orig_decode_max_depth, 'global option remains unchanged') + -- + -- gh-4761 json.decode silently changes global settings of json when called + -- with 2d parameter + -- + test:ok(pcall(serializer.decode,'{"1":{"b":{"c":1,"d":null}},"a":1}')) -- -- gh-3514: fix parsing integers with exponent in json diff --git a/third_party/lua-cjson/lua_cjson.c b/third_party/lua-cjson/lua_cjson.c index 3d25814f3..f855cbd80 100644 --- a/third_party/lua-cjson/lua_cjson.c +++ b/third_party/lua-cjson/lua_cjson.c @@ -1004,13 +1004,13 @@ static int json_decode(lua_State *l) luaL_argcheck(l, lua_gettop(l) == 2 || lua_gettop(l) == 1, 1, "expected 1 or 2 arguments"); + struct luaL_serializer *cfg = luaL_checkserializer(l); + struct luaL_serializer user_cfg = *cfg; + json.cfg = cfg; if (lua_gettop(l) == 2) { - struct luaL_serializer *user_cfg = luaL_checkserializer(l); - luaL_serializer_parse_options(l, user_cfg); + luaL_serializer_parse_options(l, &user_cfg); lua_pop(l, 1); - json.cfg = user_cfg; - } else { - json.cfg = luaL_checkserializer(l); + json.cfg = &user_cfg; } json.data = luaL_checklstring(l, 1, &json_len); -- 2.20.1 (Apple Git-117)
next reply other threads:[~2020-02-10 7:57 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-02-10 7:57 Olga Arkhangelskaia [this message] 2020-02-10 13:08 ` Nikita Pettik 2020-02-11 8:46 ` Olga Arkhangelskaia 2020-02-11 12:36 ` Nikita Pettik 2020-02-13 23:17 ` Alexander Turenko 2020-02-14 15:55 ` Olga Arkhangelskaia 2020-02-16 0:06 ` Alexander Turenko -- strict thread matches above, loose matches on Subject: below -- 2020-02-05 12:28 Olga Arkhangelskaia 2020-02-10 7:57 ` Olga Arkhangelskaia
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200210075707.86953-1-arkholga@tarantool.org \ --to=arkholga@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH] json: fix silent change of global json settings' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox