#2831 [PATCH] ActiveSupport::JSON.decode explodes in certain circumstances - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2831 ✓resolved

[PATCH] ActiveSupport::JSON.decode explodes in certain circumstances

Reported by Martin Kleppmann | June 24th, 2009 @ 06:44 PM

ActiveSupport::JSON.decode has problems with JSON strings which include both quoted slashes and dates:

>> ActiveSupport::JSON.decode('{"r":"http:\/\/foo","d":"2004-06-24"}')
IndexError: index 38 out of string
    from /Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/json/decoding.rb:75:in `[]='
    from /Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/json/decoding.rb:75:in `convert_json_to_yaml'
    from /Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/json/decoding.rb:75:in `each'
    from /Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/json/decoding.rb:75:in `convert_json_to_yaml'
    from /Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/json/decoding.rb:12:in `decode'

Whether quoted slashes are actually valid JSON is not completely clear, but they are definitely seen in the wild -- the JSON gem's Hash#to_json method produces them, for example.

Comments and changes to this ticket

Yehuda Katz (wycats) July 2nd, 2009 @ 08:16 PM
- State changed from “new” to “open”
You flagged this item as spam.
Bas van Klinkenberg August 1st, 2009 @ 01:40 AM
- Title changed from “ActiveSupport::JSON.decode explodes in certain circumstances” to “[PATCH] ActiveSupport::JSON.decode explodes in certain circumstances”
Here is a patch for this bug. I also believe this solves bug #2273.

The cause of the bug is that between the moment when the position of the quotes around dates are tracked, and the moment those quotes are removed, the output string has changed size due to removing backslashes and/or decoding unicode sequences. Due to this wrong characters in the string are overwritten, causing Yaml to fail consequently, which causes a ParseError exception.

This patch moves the code that replaces the quotes above the code that handles the backslashes and unicode sequences, before the string size changes.
- fix_active_support_json_decode_yaml_dates_and_escaped_data.diff 4 KB
CancelProfileIsBroken August 8th, 2009 @ 01:01 PM
- Tag changed from “2.3.2, activesupport, json” to “2.3.2, activesupport, bugmash, json”

Nikolay Petrachkov August 8th, 2009 @ 01:18 PM

Assigned user set to “Pratik”

Patch is verified for above code.

Before:

ActiveSupport::JSON.decode('{"r":"http:\/\/foo","d":"2004-06-24"}')
IndexError: index 38 out of string
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/backends/yaml.rb:77:in `[]='
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/backends/yaml.rb:77:in `convert_json_to_yaml'
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/backends/yaml.rb:77:in `each'
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/backends/yaml.rb:77:in `convert_json_to_yaml'
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/backends/yaml.rb:16:in `decode'
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/decoding.rb:11:in `__send__'
    from /opt/rubyee/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/json/decoding.rb:11:in `decode'
    from (irb):1

After patch:

ActiveSupport::JSON.decode('{"r":"http:\/\/foo","d":"2004-06-24"}')
=> {"d"=>Thu, 24 Jun 2004, "r"=>"http://foo"}

Rizwan Reza August 8th, 2009 @ 04:25 PM
verified

+1 This patch works perfectly. All tests pass.
Repository August 8th, 2009 @ 04:45 PM
- State changed from “open” to “resolved”
(from [0fbeaa98e4e60ca0949be298dae8545807407e1d]) Fixed a bug in JSON decoding with Yaml backend, where a combination of dates, escaped or unicode encoded data and arrays would make the parser fail with a ParseError exception. [#2831 state:resolved]

Signed-off-by: Yehuda Katz wycats@gmail.com
http://github.com/rails/rails/commit/0fbeaa98e4e60ca0949be298dae854...
CancelProfileIsBroken August 8th, 2009 @ 11:07 PM
- Assigned user cleared.
- Tag changed from “2.3.2, activesupport, bugmash, json” to “2.3.2, activesupport, json”
- Milestone cleared.
You flagged this item as spam.
Nathan Beyer February 12th, 2010 @ 10:12 PM
This issue is present in the 2.3.5 release. It looks like the patch was only applied to the 2.3.2 branch and didn't make it beyond that.

Should a new bug be opened?
You flagged this item as spam.
gregpyp March 14th, 2010 @ 08:02 PM
this bug is in the 2.3.5 too
You flagged this item as spam.
Nathan Beyer March 15th, 2010 @ 12:08 AM
I created a new ticket with the patch ported to the 2-3-stable branch - https://rails.lighthouseapp.com/projects/8994/tickets/4102-ticket-2... .
Repository March 15th, 2010 @ 04:51 AM
(from [b99914cc3e58e6444f66006cd4b9b4fa7368afe2]) Fixed a bug in JSON decoding with Yaml backend, where a combination of dates, escaped or unicode encoded data and arrays would make the parser fail with a ParseError exception.

[#2831]

Signed-off-by: Yehuda Katz wycats@gmail.com
Signed-off-by: Jeremy Kemper jeremy@bitsweat.net
http://github.com/rails/rails/commit/b99914cc3e58e6444f66006cd4b9b4...
You flagged this item as spam.
ssupreme11 May 10th, 2011 @ 10:37 PM
- Importance changed from “” to “”
Its my first time to visit this site and as I was exploring I cant believe that this site was made up of a very informative articles that you should try to have compliment with so as what I am doing now I really love to look forward with more interesting information on this site. Dissertation Writing
.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

People watching this ticket

Attachments

fix_active_support_json_dec... 4 KB

Referenced by

2273 ActiveSupport::JSON.decode dies on double escaped string Before patch by Bas van Klinkenberg (https://rails.lighth...
2831 [PATCH] ActiveSupport::JSON.decode explodes in certain circumstances (from [0fbeaa98e4e60ca0949be298dae8545807407e1d]) Fixed a...
2273 ActiveSupport::JSON.decode dies on double escaped string Should be marked as "resolved, duplicate". Fix merged in ...
2273 ActiveSupport::JSON.decode dies on double escaped string Duplicate of #2831
4102 Ticket 2831 "ActiveSupport::JSON.decode explodes in certain circumstances" regression [1] https://rails.lighthouseapp.com/projects/8994/tickets...
2831 [PATCH] ActiveSupport::JSON.decode explodes in certain circumstances [#2831]
2273 ActiveSupport::JSON.decode dies on double escaped string Please have a look at #2831, which is very similar to thi...
2273 ActiveSupport::JSON.decode dies on double escaped string Please have a look at #2831, which is very similar to thi...
6247 ActiveSupport::JSON.decode fails on long unicode sequence with default YAML-based parser Since I'm still running Rails 2.3.5, I tried a fix on con...

Rails Ruby on Rails

[PATCH] ActiveSupport::JSON.decode explodes in certain circumstances

Comments and changes to this ticket

Yehuda Katz (wycats) July 2nd, 2009 @ 08:16 PM

Bas van Klinkenberg August 1st, 2009 @ 01:40 AM

CancelProfileIsBroken August 8th, 2009 @ 01:01 PM

Nikolay Petrachkov August 8th, 2009 @ 01:18 PM

Rizwan Reza August 8th, 2009 @ 04:25 PM

Repository August 8th, 2009 @ 04:45 PM

CancelProfileIsBroken August 8th, 2009 @ 11:07 PM

Nathan Beyer February 12th, 2010 @ 10:12 PM

gregpyp March 14th, 2010 @ 08:02 PM

Nathan Beyer March 15th, 2010 @ 12:08 AM

Repository March 15th, 2010 @ 04:51 AM

ssupreme11 May 10th, 2011 @ 10:37 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Referenced by

Pages

Keyword searching

[PATCH] ActiveSupport::JSON.decode explodes in certain circumstances

Comments and changes to this ticket

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Referenced by

Pages