Update embedded jsonlite

r-lib · Dec 9, 2023 · 1c4327e · 1c4327e
1 parent 5994291
commit 1c4327e
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 10 deletions.
diff --git a/src/library/jsonlite/DESCRIPTION b/src/library/jsonlite/DESCRIPTION
@@ -1,5 +1,5 @@
 Package: jsonlite
-Version: 1.8.7
+Version: 1.8.8
 Title: A Simple and Robust JSON Parser and Generator for R
 License: MIT + file LICENSE
 Depends: methods
@@ -25,9 +25,9 @@ Suggests: httr, vctrs, testthat, knitr, rmarkdown, R.rsp, sf
 RoxygenNote: 7.2.3
 Encoding: UTF-8
 NeedsCompilation: yes
-Packaged: 2023-06-29 08:00:03 UTC; jeroen
+Packaged: 2023-12-04 12:57:12 UTC; jeroen
 Author: Jeroen Ooms [aut, cre] (<https://orcid.org/0000-0002-4035-0289>),
   Duncan Temple Lang [ctb],
   Lloyd Hilaiel [cph] (author of bundled libyajl)
 Repository: CRAN
-Date/Publication: 2023-06-29 22:10:02 UTC
+Date/Publication: 2023-12-04 15:20:02 UTC
diff --git a/src/library/jsonlite/NEWS b/src/library/jsonlite/NEWS
@@ -1,3 +1,7 @@
+1.8.8
+  - Apply libyajl patches for CVE-2022-24795, CVE-2022-24795, CVE-2023-33460
+  - Fix printf warnings for cran
+
 1.8.7
   - toJSON(digits = NA) once again prints 15 digits max
   - Fix getRversion type (requested by CRAN)

diff --git a/src/library/jsonlite/R/stream.R b/src/library/jsonlite/R/stream.R
@@ -2,11 +2,11 @@
 #'
 #' The `stream_in` and `stream_out` functions implement line-by-line processing
 #' of JSON data over a [connection], such as a socket, url, file or pipe. JSON
-#' streaming requires the [ndjson](http://ndjson.org) format, which slightly differs
+#' streaming requires the [ndjson](https://ndjson.org) format, which slightly differs
 #' from [fromJSON()] and [toJSON()], see details.
 #'
 #' Because parsing huge JSON strings is difficult and inefficient, JSON streaming is done
-#' using **lines of minified JSON records**, a.k.a. [ndjson](http://ndjson.org).
+#' using **lines of minified JSON records**, a.k.a. [ndjson](https://ndjson.org).
 #' This is pretty standard: JSON databases such as MongoDB use the same format to
 #' import/export datasets. Note that this means that the
 #' total stream combined is not valid JSON itself; only the individual lines are. Also note

diff --git a/src/library/jsonlite/src/parse.c b/src/library/jsonlite/src/parse.c
@@ -35,7 +35,7 @@ SEXP R_parse(SEXP x, SEXP bigint_as_char) {
 
     /* parser error */
     if (!node) {
-      Rf_errorcall(R_NilValue, errbuf);
+      Rf_errorcall(R_NilValue, "%s", errbuf);
     }
     SEXP out = ParseValue(node, bigint);
     yajl_tree_free(node);

diff --git a/src/library/jsonlite/src/push_parser.c b/src/library/jsonlite/src/push_parser.c
@@ -68,5 +68,5 @@ SEXP R_parse_connection(SEXP sConn, SEXP bigint_as_char){
     strncpy(errbuf, (char *) errstr, bufsize - 1);
     yajl_free_error(push_parser, errstr);
     yajl_free(push_parser);
-    Rf_error(errbuf);
+    Rf_error("%s", errbuf);
 }
diff --git a/src/library/jsonlite/src/yajl/yajl_buf.c b/src/library/jsonlite/src/yajl/yajl_buf.c
@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
 
     need = buf->len;
 
-    while (want >= (need - buf->used)) need <<= 1;
+    if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
+        /* We cannot allocate more memory than SIZE_MAX. */
+        abort();
+    }
+    while (want >= (need - buf->used)) {
+        if (need >= (size_t)((size_t)(-1)<<1)>>1) {
+            /* need would overflow. */
+            abort();
+        }
+        need <<= 1;
+    }
 
     if (need != buf->len) {
         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);

diff --git a/src/library/jsonlite/src/yajl/yajl_encode.c b/src/library/jsonlite/src/yajl/yajl_encode.c
@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
                     end+=3;
                     /* check if this is a surrogate */
                     if ((codepoint & 0xFC00) == 0xD800) {
-                        end++;
-                        if (str[end] == '\\' && str[end + 1] == 'u') {
+                        if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
+                            end++;
                             unsigned int surrogate = 0;
                             hexToDigit(&surrogate, str + end + 2);
                             codepoint =

diff --git a/src/library/jsonlite/src/yajl/yajl_tree.c b/src/library/jsonlite/src/yajl/yajl_tree.c
@@ -150,6 +150,7 @@ static yajl_val context_pop(context_t *ctx)
 
     v = stack->value;
 
+    free (stack->key);
     free (stack);
 
     return (v);
@@ -455,7 +456,14 @@ yajl_val yajl_tree_parse (const char *input,
              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
              YA_FREE(&(handle->alloc), internal_err_str);
         }
+        while(ctx.stack != NULL) {
+             yajl_val v = context_pop(&ctx);
+             yajl_tree_free(v);
+        }
         yajl_free (handle);
+        //If the requested memory is not released in time, it will cause memory leakage
+        if(ctx.root)
+             yajl_tree_free(ctx.root);
         return NULL;
     }